Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 08-03-2012, 04:57 PM   #1
Registered: Aug 2012
Posts: 479

Rep: Reputation: Disabled
[BUG] vte

vte, as packaged by Slackware through -current, has a bug which allows for a local DoS. Any program built against libvte (such as mosh or Xfce's Terminal) is vulnerable. Upstream corrected this starting with vte 0.32+ so I backported the fix for Slackware and provided Pat a copy.

To test, open Xfce's Terminal (/usr/bin/Terminal) and type:

echo -en "\e[9999999999P"
Watch your CPU go crazy in conky or gkrellm. /bin/kill that terminal to stop the madness.

An official Slackware patch is probably forthcoming. However, for the impatient among us, here's my fix. Just apply it to vte and rebuild.

Attached Files
File Type: txt CVE-2012-2738.txt (2.7 KB, 22 views)
Old 08-04-2012, 07:19 AM   #2
Registered: Aug 2012
Posts: 479

Original Poster
Rep: Reputation: Disabled
It wasn't clear in my last post that this patch applies against vte 0.28.x (as in -current). If demand exists, I guess I could work on patches back to 13.37 or maybe 13.1.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Dependencies Python vte bindings spiky0011 Linux From Scratch 4 05-15-2011 07:27 AM
Python using compiled VTE library sadarax Programming 4 07-23-2009 08:32 PM
VTE detection error _ AsiF Linux - Software 2 03-07-2008 09:04 PM
Unable to compile vte-0.11.10 powerloony Linux - Software 2 01-25-2005 05:56 AM
Trouble compiling vte-0.11.10 emu_123 Linux - Software 1 12-07-2003 01:41 AM

All times are GMT -5. The time now is 10:24 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration