GTK could be made to run programs from the current directory.
Software Description:
- gtk+2.0: GTK graphical user interface library
- gtk+3.0: GTK graphical user interface library
Details:
It was discovered that GTK would attempt to load modules from the current
directory, contrary to expectations. If users started GTK applications from
shared directories, a local attacker could use this issue to execute
arbitrary code, and possibly escalate privileges.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libgail-3-0t64    3.24.41-4ubuntu1.1
  libgtk2.0-0t64    2.24.33-4ubuntu1.1
Ubuntu 22.04 LTS
  libgtk-3-0        3.24.33-1ubuntu2.2
  libgtk2.0-0       2.24.33-2ubuntu2.1
Ubuntu 20.04 LTS
  libgtk-3-0        3.24.20-0ubuntu1.2
  libgtk2.0-0       2.24.32-4ubuntu4.1
After a standard system update you need to restart your session to make
all the necessary changes.
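
To confirm that hosts carry the fixed packages, the following added example (not part of the advisory) audits a package inventory against the versions listed above. It assumes the inventory was collected with `dpkg-query -W -f='${Package} ${Version}\n'`; `deb_cmp` and `audit` are hypothetical helper names, and `deb_cmp` reimplements Debian version ordering so the check runs offline (on a live host, `dpkg --compare-versions` does the same comparison).

```python
import re

# Fixed versions copied from the advisory above, keyed by Ubuntu release.
FIXED = {
    "24.04": {"libgail-3-0t64": "3.24.41-4ubuntu1.1", "libgtk2.0-0t64": "2.24.33-4ubuntu1.1"},
    "22.04": {"libgtk-3-0": "3.24.33-1ubuntu2.2", "libgtk2.0-0": "2.24.33-2ubuntu2.1"},
    "20.04": {"libgtk-3-0": "3.24.20-0ubuntu1.2", "libgtk2.0-0": "2.24.32-4ubuntu4.1"},
}

def _weight(ch):
    # Debian ordering of non-digits: "~" first, end of string (0), letters, then the rest.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating non-digit and digit runs."""
    while a or b:
        pa, da, a = re.match(r"(\D*)(\d*)(.*)", a, re.S).groups()
        pb, db, b = re.match(r"(\D*)(\d*)(.*)", b, re.S).groups()
        ka = ([_weight(c) for c in pa] + [0] * (len(pb) - len(pa)), int(da or 0))
        kb = ([_weight(c) for c in pb] + [0] * (len(pa) - len(pb)), int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 per Debian version ordering (epoch, upstream, revision)."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, dpkg_output):
    """Return {package: installed version} for advisory packages below the fixed version."""
    outdated = {}
    for name, version in re.findall(r"^(\S+)[ \t]+(\S+)[ \t]*$", dpkg_output, re.M):
        name = name.split(":")[0]  # drop an architecture suffix such as ":amd64"
        fixed = FIXED.get(release, {}).get(name)
        if fixed and deb_cmp(version, fixed) < 0:
            outdated[name] = version
    return outdated

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output from a 22.04 host.
SAMPLE_2204 = "libgtk-3-0 3.24.33-1ubuntu2.1\nlibgtk2.0-0 2.24.33-2ubuntu2.1\nlibglib2.0-0 2.72.4-0ubuntu2.3\n"

if __name__ == "__main__":
    print(audit("22.04", SAMPLE_2204))  # {'libgtk-3-0': '3.24.33-1ubuntu2.1'}
```

An empty result means every listed package on that release is at or above the fixed version; sessions started before the update still need a restart.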
https://ubuntu.com/security/notices/USN-6899-1
CVE-2024-6655