MDKSA-2001:061-1
- Package name
- gtk+
- Date
- 2001-07-09
- Advisory ID
- MDKSA-2001:061-1
- Affected versions
- 8.0 i586 , SNF7.2 i586 , 7.2 i586
Problem description
A vulnerability exists with the GTK+ toolkit in that the GTK_MODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+. With this, an attacker could create a custom module and load it using the toolkit which could result in elevated privileges, the overwriting of system files, and the execution of malicious code. Update: The packages for 7.2 and Single Network Firewall 7.2 were not signed with our GnuPG key. Please note the changed MD5 values of the below packages.
Updated packages
8.0 i586
e69d344008f0586107848110bcde1832 8.0/RPMS/libgtk+1.2-1.2.10-1.1mdk.i586.rpm 63adf2b8a89cc2908379f8fba14dab70 8.0/RPMS/libgtk+1.2-devel-1.2.10-1.1mdk.i586.rpm 603dd72d9b9faf7f8a236c8f23fcd124 8.0/SRPMS/gtk+-1.2.10-1.1mdk.src.rpm
SNF7.2 i586
9b19591cc08f7956fa46debc38626e69 snf7.2/RPMS/gtk+-1.2.8-6.1mdk.i586.rpm bbaabd35e47f34e46c85c4f4994ef176 snf7.2/RPMS/gtk+-devel-1.2.8-6.1mdk.i586.rpm c235f8c4dfebdae85d465847111c25da snf7.2/SRPMS/gtk+-1.2.8-6.1mdk.src.rpm
7.2 i586
9b19591cc08f7956fa46debc38626e69 7.2/RPMS/gtk+-1.2.8-6.1mdk.i586.rpm bbaabd35e47f34e46c85c4f4994ef176 7.2/RPMS/gtk+-devel-1.2.8-6.1mdk.i586.rpm c235f8c4dfebdae85d465847111c25da 7.2/SRPMS/gtk+-1.2.8-6.1mdk.src.rpm