From Mageia wiki
Jump to: navigation, search

MGASA-2012-0163

Date: July 14th, 2012
Affected releases: 1, 2


Description:
Updated vte packages fix security vulnerability:

A denial of service flaw was found in the way VTE, a terminal emulator
widget, processed certain escape sequences with large repeat counts.
A remote attacker could provide a specially-crafted file, which once
opened in a terminal using the VTE terminal emulator could lead to
excessive CPU consumption (CVE-2012-2738).


Updated Packages:
Mageia 1:
vte-0.26.2-2.1.mga1
python-vte-0.26.2-2.1.mga1
lib(64)vte9-0.26.2-2.1.mga1
lib(64)vte-devel-0.26.2-2.1.mga1

Mageia 2:
vte-0.28.2-4.1.mga2
python-vte-0.28.2-4.1.mga2
lib(64)vte9-0.28.2-4.1.mga2
lib(64)vte-devel-0.28.2-4.1.mga2
lib(64)vte-gir0.0-0.28.2-4.1.mga2
vte3-0.32.2-1.mga2
lib(64)vte2_90_9-0.32.2-1.mga2
lib(64)vte3-devel-0.32.2-1.mga2
lib(64)vte-gir2.90-0.32.2-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html
https://bugs.mageia.org/show_bug.cgi?id=6161