Please backport two recent-manager patches
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GTK+ | Fix Released | Medium | |
gtk+2.0 (Ubuntu) | Fix Released | Critical | Simon Quigley |
Xenial | Fix Released | Critical | Simon Quigley |
Yakkety | Won't Fix | Critical | Unassigned |
Zesty | Fix Released | Critical | Simon Quigley |
Artful | Fix Released | Critical | Simon Quigley |
Bug Description
[Impact]
Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs.
[Test Case]
In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://
The commenter reports that the Proof of Concept can be built with the following command:
gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0`
[Regression Potential]
This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions.
As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following:
"...
However, the incoming fix set a large number of items (1000) as a hard limit.
...
Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all."
Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself.
tl;dr: low regression potential. Where there will be regressions is in excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK.
[Original Description]
https:/
https:/
Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here:
https:/
For the GTK3 version of this bug, see bug 1641914
Note that MATE is GTK2 only for Ubuntu 16.04 LTS.
Changed in gtk+2.0 (Ubuntu):
status: New → Confirmed
tags: added: xenial yakkety zesty
description: updated
Changed in gtk:
importance: Unknown → Medium
status: Unknown → Fix Released
Changed in gtk+2.0 (Ubuntu):
importance: Undecided → Critical
Changed in gtk+2.0 (Ubuntu Xenial):
importance: Undecided → Critical
Changed in gtk+2.0 (Ubuntu Yakkety):
importance: Undecided → Critical
Changed in gtk+2.0 (Ubuntu):
importance: Critical → High
Changed in gtk+2.0 (Ubuntu Xenial):
importance: Critical → High
importance: High → Critical
Changed in gtk+2.0 (Ubuntu):
importance: High → Critical
Changed in gtk+2.0 (Ubuntu Xenial):
assignee: nobody → Simon Quigley (tsimonq2)
status: Confirmed → In Progress
Changed in gtk+2.0 (Ubuntu):
assignee: nobody → Simon Quigley (tsimonq2)
status: Confirmed → In Progress
Changed in gtk+2.0 (Ubuntu Zesty):
status: New → In Progress
importance: Undecided → Critical
Changed in gtk+2.0 (Ubuntu Zesty):
assignee: nobody → Simon Quigley (tsimonq2)
tags: added: artful removed: verification-needed yakkety
Status changed to 'Confirmed' because the bug affects multiple users.