MGASA-2012-0163
Date: | July 14th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated vte packages fix security vulnerability:
A denial of service flaw was found in the way VTE, a terminal emulator
widget, processed certain escape sequences with large repeat counts.
A remote attacker could provide a specially-crafted file, which once
opened in a terminal using the VTE terminal emulator could lead to
excessive CPU consumption (CVE-2012-2738).
Updated Packages:
Mageia 1:
vte-0.26.2-2.1.mga1
python-vte-0.26.2-2.1.mga1
lib(64)vte9-0.26.2-2.1.mga1
lib(64)vte-devel-0.26.2-2.1.mga1
Mageia 2:
vte-0.28.2-4.1.mga2
python-vte-0.28.2-4.1.mga2
lib(64)vte9-0.28.2-4.1.mga2
lib(64)vte-devel-0.28.2-4.1.mga2
lib(64)vte-gir0.0-0.28.2-4.1.mga2
vte3-0.32.2-1.mga2
lib(64)vte2_90_9-0.32.2-1.mga2
lib(64)vte3-devel-0.32.2-1.mga2
lib(64)vte-gir2.90-0.32.2-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html
https://bugs.mageia.org/show_bug.cgi?id=6161