extremely long URL causes apturl to DoS window manager

Bug #783594 reported by Marc Deslauriers
This bug affects 7 people
Affects          Status        Importance  Assigned to       Milestone
apturl (Ubuntu)  Fix Released  Low         Michael Vogt
Lucid            Fix Released  Low         Marc Deslauriers
Maverick         Fix Released  Low         Marc Deslauriers
Natty            Fix Released  Low         Marc Deslauriers
Oneiric          Fix Released  Low         Michael Vogt

Bug Description

Binary package hint: apturl

Visiting a web page with an extremely long (10k character) apt URL causes apturl to try and display the whole thing in a message dialog, which causes the window manager to crash when drawing the titlebar.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: apturl 0.4.2ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-9.43-generic 2.6.38.4
Uname: Linux 2.6.38-9-generic x86_64
Architecture: amd64
Date: Mon May 16 13:48:29 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110302)
ProcEnviron:
 LANGUAGE=en_CA:en
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: apturl
UpgradeStatus: No upgrade log present (probably fresh install)

Marc Deslauriers (mdeslaur) wrote :
Changed in apturl (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :
Changed in apturl (Ubuntu):
importance: Undecided → Low
Changed in apturl (Ubuntu Natty):
importance: Undecided → Low
Changed in apturl (Ubuntu Maverick):
importance: Undecided → Low
Changed in apturl (Ubuntu Lucid):
importance: Undecided → Low
Changed in apturl (Ubuntu Natty):
status: New → Confirmed
Changed in apturl (Ubuntu Maverick):
status: New → Confirmed
Changed in apturl (Ubuntu Lucid):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Oneiric):
assignee: Marc Deslauriers (mdeslaur) → Michael Vogt (mvo)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.2ubuntu5.1

---------------
apturl (0.4.2ubuntu5.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Michael Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:46:41 -0400
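
The mitigation named in the changelog above (check the URL for length, and shorten it before it reaches an error dialog), sketched as an added example. This is not the apturl patch: the function names, the exception class and both limits are assumptions chosen for illustration, and the input is constructed.

```python
# Added illustration; names and limits are assumptions, not apturl's code.
MAX_URL_LEN = 255        # assumed cap on an accepted apt: URL
MAX_DISPLAY_LEN = 60     # assumed cap on untrusted text shown in a dialog


class UrlTooLongError(ValueError):
    """Raised when an apt: URL exceeds MAX_URL_LEN."""


def shorten_for_display(text, limit=MAX_DISPLAY_LEN):
    """Return text safe to put in a dialog: printable, at most limit chars."""
    # Replace control and other non-printable characters so the toolkit
    # never has to lay out newlines or escape sequences taken from the URL.
    clean = "".join(c if c.isprintable() else "?" for c in text)
    if len(clean) <= limit:
        return clean
    # Elide the middle; the head keeps the scheme, the tail the URL's end.
    keep = max(limit - 3, 0)
    tail = keep // 3
    head = keep - tail
    return clean[:head] + "..." + clean[len(clean) - tail:]


def check_apt_url(url):
    """Validate length before parsing; errors carry only a shortened URL."""
    if len(url) > MAX_URL_LEN:
        raise UrlTooLongError(
            "URL too long (%d > %d characters): %s"
            % (len(url), MAX_URL_LEN, shorten_for_display(url))
        )
    if not url.startswith("apt:"):
        raise ValueError("not an apt: URL: %s" % shorten_for_display(url))
    return url


if __name__ == "__main__":
    # Constructed input matching the report: a roughly 10k character apt URL.
    hostile = "apt:" + "A" * 10000
    try:
        check_apt_url(hostile)
    except UrlTooLongError as err:
        print(err)  # bounded message, safe for a dialog title or body
```

Rejecting on length before parsing and shortening at the display boundary are independent checks: the second still bounds what the dialog receives if another code path passes untrusted text to it.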

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.1ubuntu7.1

---------------
apturl (0.4.1ubuntu7.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Michael Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:53:38 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.1ubuntu4.1

---------------
apturl (0.4.1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Michael Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:57:01 -0400

Changed in apturl (Ubuntu Lucid):
status: Confirmed → Fix Released
Changed in apturl (Ubuntu Maverick):
status: Confirmed → Fix Released
Changed in apturl (Ubuntu Natty):
status: Confirmed → Fix Released
zana dell (zdell4c) wrote :

I am new to Ubuntu. How does this bug affect my computer? How do I get rid of it?

LE VAN TAM (levantam82)
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → LE VAN TAM (levantam82)
Changed in apturl (Ubuntu Lucid):
assignee: LE VAN TAM (levantam82) → Marc Deslauriers (mdeslaur)
M McManaman (micmac124)
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → M McManaman (micmac124)
Changed in apturl (Ubuntu Lucid):
assignee: M McManaman (micmac124) → Marc Deslauriers (mdeslaur)
bill hulston (wall8ce)
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → bill hulston (wall8ce)
Changed in apturl (Ubuntu Lucid):
assignee: bill hulston (wall8ce) → Marc Deslauriers (mdeslaur)
ryan ivey (ryancivey)
Changed in apturl (Ubuntu Maverick):
assignee: Marc Deslauriers (mdeslaur) → ryan ivey (ryancivey)
Changed in apturl (Ubuntu Maverick):
assignee: ryan ivey (ryancivey) → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Oneiric):
status: Confirmed → Fix Released
ke1fr (ke1fr) wrote :

I just downloaded the new 11.04 and got the bug. How can I fix it?
I was trying to receive updates from Update Manager.
Thank you.
