Package: mozilla-plugin-gnash Version: 0.8.4-2 Severity: important The gnash plugin seems to not waitpid for children and that way litters the process space. For instance liferea has 24 dead gtk-gnash children on my system.
It looks likely to be easy to create these zombies using specially crafted websites. So only by viewing a web page it should be possible to consume the process space and that way cause a denial of service. It should be possible to frequently invoke waitpid using WNOHANG. Helmut -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages mozilla-plugin-gnash depends on: ii gnash 0.8.4-2 free SWF movie player ii libc6 2.7-16 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1 GCC support library ii libglib2.0-0 2.16.6-1 The GLib library of C routines ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3 ii libx11-6 2:1.1.5-2 X11 client-side library ii libxi6 2:1.1.4-1 X11 Input extension library mozilla-plugin-gnash recommends no packages. mozilla-plugin-gnash suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
