On Sat, 04 Jul 2020 17:23:52 +0200 Atri Bhattacharya <badshah400@opensuse.org> wrote:
Hi Doug
On Sat, 2020-07-04 at 02:35 -0400, Doug McGarrett wrote:
I am finding that certain very common apps appear to be missing from the latest OpenSUSE Tumbleweed--for instance, Artha. That's just one.
We dropped artha from the distro because it has been unmaintained by upstream for many years and susceptible to security issues (e.g. https://bugzilla.suse.com/show_bug.cgi?id=1143860). Please see if you can find some other dictionary app that doesn't hurt your system.
I just looked at the openSUSE bug report and went from there to various other links, including https://www.exploit-db.com/exploits/45760 but I still don't understand what the vulnerability actually is? It claims "Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)" (and note that Artha says it is a thesaurus rather than a spelling app) and the exploit itself is a python script that creates a small file containing 256 instances of the letter 'A'. But I don't understand what this has to do with Artha? Or what problem it causes (or even can cause?) What is one supposed to do with this script and Artha to cause a DOS? And what exactly gets DOSed - just Artha or my entire system or what? And how exactly would a python script get into my system and somehow run to interact with Artha to cause whatever probelm is alleged? Exactly what is the alleged problem? -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org