| 2008-01-17 00:20:22 |
Oleg Vaskevich |
bug |
|
|
added bug |
| 2008-04-03 00:44:16 |
Oleg Vaskevich |
title |
Decompression bombs may lead to system overloads |
Denial of service through decompression bombs |
|
| 2008-06-14 13:51:50 |
Michael Nagel |
None: status |
New |
Incomplete |
|
| 2008-06-21 19:14:43 |
Oleg Vaskevich |
description |
Decompression bombs, which result from a small file being uncompressed into a bigger one, can freeze the current application such as a browser, virus scanner, search tool and create system instability. More information about these bombs can be found here:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
Sorry if this is already known of/unpreventable, but it can really harm and freeze a computer, depending on the size of the compressed file. Examples are available off the previous link. |
Decompression bombs, which result from a small file being uncompressed into a bigger one, can freeze the current application such as a browser, virus scanner, search tool and create system instability. More information about this can be found here:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
Sorry if this is already known of/unpreventable, but it can really harm and freeze a computer, depending on the size of the compressed file. Examples are available off the previous link.
Expected Behavior: An alert shown to the user, earlier termination of the application opening such file, or end in processing of that file.
Actual behavior: Application freezes (ui) and eventually the whole system starts lagging. Perhaps applications should have a "maximum cpu usage allowed" or something like that? |
|
| 2008-11-01 18:04:05 |
Michael Nagel |
None: bugtargetdisplayname |
Ubuntu |
file-roller (Ubuntu) |
|
| 2008-11-01 18:04:05 |
Michael Nagel |
None: bugtargetname |
ubuntu |
file-roller (Ubuntu) |
|
| 2008-11-01 18:04:05 |
Michael Nagel |
None: statusexplanation |
thanks for reporting, but right here in the launchpad bug tracker we track precise bugs, that is where expected behavior does not match expected behavior and it's clear what should be done. this issue can not (yet, because it should be discussed WHAT EXACTLY should be done) be adressed thus... |
|
|
| 2008-11-01 18:04:05 |
Michael Nagel |
None: title |
Bug #183660 in Ubuntu: "Denial of service through decompression bombs" |
Bug #183660 in file-roller (Ubuntu): "Denial of service through decompression bombs" |
|
| 2008-11-02 11:25:33 |
Sebastien Bacher |
file-roller: importance |
Undecided |
Low |
|
| 2008-11-02 11:25:33 |
Sebastien Bacher |
file-roller: assignee |
|
desktop-bugs |
|
| 2008-11-02 11:37:02 |
Michael Nagel |
file-roller: status |
Incomplete |
Confirmed |
|
| 2009-06-03 13:07:06 |
Sebastien Bacher |
bug task added |
|
fileroller |
|
| 2009-07-29 14:36:41 |
Pedro Villavicencio |
bug watch added |
|
http://bugzilla.gnome.org/show_bug.cgi?id=590148 |
|
| 2009-07-29 14:36:41 |
Pedro Villavicencio |
file-roller (Ubuntu): status |
Confirmed |
Triaged |
|
| 2009-07-29 14:37:02 |
Pedro Villavicencio |
file-roller: importance |
Undecided |
Unknown |
|
| 2009-07-29 14:37:02 |
Pedro Villavicencio |
file-roller: status |
New |
Unknown |
|
| 2009-07-29 14:37:02 |
Pedro Villavicencio |
file-roller: remote watch |
|
GNOME Bug Tracker #590148 |
|
| 2009-07-29 15:03:05 |
Bug Watch Updater |
file-roller: status |
Unknown |
New |
|
| 2010-09-16 19:34:45 |
Bug Watch Updater |
file-roller: importance |
Unknown |
Medium |
|
| 2011-04-27 21:06:55 |
Jamie Strandboge |
security vulnerability |
yes |
no |
|
| 2011-04-27 21:06:56 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Bugs |
| 2011-04-27 21:06:58 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
| 2017-01-02 15:56:47 |
Bug Watch Updater |
file-roller: status |
New |
Confirmed |
|
