Package name
gtk+
Date
2001-06-28
Advisory ID
MDKSA-2001:061
Affected versions
8.0 i586 , SNF7.2 i586 , 7.2 i586

Problem description

A vulnerability exists with the GTK+ toolkit in that the GTK_MODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+. With this, an attacker could create a custom module and load it using the toolkit which could result in elevated privileges, the overwriting of system files, and the execution of malicious code.

Updated packages

8.0 i586

 e69d344008f0586107848110bcde1832  8.0/RPMS/libgtk+1.2-1.2.10-1.1mdk.i586.rpm
63adf2b8a89cc2908379f8fba14dab70  8.0/RPMS/libgtk+1.2-devel-1.2.10-1.1mdk.i586.rpm
603dd72d9b9faf7f8a236c8f23fcd124  8.0/SRPMS/gtk+-1.2.10-1.1mdk.src.rpm

SNF7.2 i586

 69b447e2ce04ce9531daf9082e30c378  snf7.2/RPMS/gtk+-1.2.8-6.1mdk.i586.rpm
c0620e1959acc4d6614f92be886ec7e8  snf7.2/RPMS/gtk+-devel-1.2.8-6.1mdk.i586.rpm
c235f8c4dfebdae85d465847111c25da  snf7.2/SRPMS/gtk+-1.2.8-6.1mdk.src.rpm

7.2 i586

 69b447e2ce04ce9531daf9082e30c378  7.2/RPMS/gtk+-1.2.8-6.1mdk.i586.rpm
c0620e1959acc4d6614f92be886ec7e8  7.2/RPMS/gtk+-devel-1.2.8-6.1mdk.i586.rpm
c235f8c4dfebdae85d465847111c25da  7.2/SRPMS/gtk+-1.2.8-6.1mdk.src.rpm

References