Ubuntu

extremely long URL causes apturl to DoS window manager

Reported by Marc Deslauriers on 2011-05-16
40
This bug affects 7 people
Affects Status Importance Assigned to Milestone
apturl (Ubuntu)
Low
Michael Vogt
Lucid
Low
Marc Deslauriers
Maverick
Low
Marc Deslauriers
Natty
Low
Marc Deslauriers
Oneiric
Low
Michael Vogt

Bug Description

Binary package hint: apturl

Visiting a web page with a extremely long (10k character) apt URL causes apturl to try and display the whole thing in a message dialog, which causes the window manager to crash when drawing the titlebar.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: apturl 0.4.2ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-9.43-generic 2.6.38.4
Uname: Linux 2.6.38-9-generic x86_64
Architecture: amd64
Date: Mon May 16 13:48:29 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110302)
ProcEnviron:
 LANGUAGE=en_CA:en
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: apturl
UpgradeStatus: No upgrade log present (probably fresh install)

Marc Deslauriers (mdeslaur) wrote :
Changed in apturl (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
Changed in apturl (Ubuntu Natty):
importance: Undecided → Low
Changed in apturl (Ubuntu Maverick):
importance: Undecided → Low
Changed in apturl (Ubuntu Lucid):
importance: Undecided → Low
Changed in apturl (Ubuntu Natty):
status: New → Confirmed
Changed in apturl (Ubuntu Maverick):
status: New → Confirmed
Changed in apturl (Ubuntu Lucid):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Oneiric):
assignee: Marc Deslauriers (mdeslaur) → Michael Vogt (mvo)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.2ubuntu5.1

---------------
apturl (0.4.2ubuntu5.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Micheal Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:46:41 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.1ubuntu7.1

---------------
apturl (0.4.1ubuntu7.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Micheal Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:53:38 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apturl - 0.4.1ubuntu4.1

---------------
apturl (0.4.1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
    - check URL for length and shorten it for error dialog in
      AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
    - Patch thanks to Micheal Vogt
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 16 May 2011 13:57:01 -0400

Changed in apturl (Ubuntu Lucid):
status: Confirmed → Fix Released
Changed in apturl (Ubuntu Maverick):
status: Confirmed → Fix Released
Changed in apturl (Ubuntu Natty):
status: Confirmed → Fix Released
zana dell (zdell4c) wrote :

I am new to Ubuntu. How does this bug affect my computer? How do I get rid of it.

LE VAN TAM (levantam82) on 2011-06-02
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → LE VAN TAM (levantam82)
Changed in apturl (Ubuntu Lucid):
assignee: LE VAN TAM (levantam82) → Marc Deslauriers (mdeslaur)
M McManaman (micmac124) on 2011-06-02
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → M McManaman (micmac124)
Changed in apturl (Ubuntu Lucid):
assignee: M McManaman (micmac124) → Marc Deslauriers (mdeslaur)
bill hulston (wall8ce) on 2011-06-09
Changed in apturl (Ubuntu Lucid):
assignee: Marc Deslauriers (mdeslaur) → bill hulston (wall8ce)
Changed in apturl (Ubuntu Lucid):
assignee: bill hulston (wall8ce) → Marc Deslauriers (mdeslaur)
ryan ivey (ryancivey) on 2011-06-12
Changed in apturl (Ubuntu Maverick):
assignee: Marc Deslauriers (mdeslaur) → ryan ivey (ryancivey)
Changed in apturl (Ubuntu Maverick):
assignee: ryan ivey (ryancivey) → Marc Deslauriers (mdeslaur)
Changed in apturl (Ubuntu Oneiric):
status: Confirmed → Fix Released
ke1fr (ke1fr) wrote :

i just downloaded the new 11.04 and got the bug..how can i fix it?
i was trying to received updates from update manager
thank you

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers