Opened 9 months ago
Closed 9 months ago
#20068 closed enhancement (fixed)
gtk+3-3.24.43
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (8)
comment:1 by , 9 months ago
| Priority: | normal → elevated |
|---|
- Stop looking for modules in cwd (CVE-2024-6655)
comment:2 by , 9 months ago
Here's a bug report with details on this issue: https://gitlab.gnome.org/GNOME/gtk/-/issues/6786
Library injection vulnerabilities are nasty. There's a proof of concept inside of the above bug report. From Red Hat (https://bugzilla.redhat.com/show_bug.cgi?id=2297098), this also impacts GTK2
comment:4 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
I'll get this later today, taking this from my dentist's office.
follow-up: 6 comment:5 by , 9 months ago
I called the second part of the PoC malicious-gtk-foo.c but it doesn't compile for me:
ken@deluxe /tmp $gcc -shared -fPIC -o libfoo.so /sources/malicious-gtk-foo.c
/sources/malicious-gtk-foo.c:3:9: error: #include expects "FILENAME" or <FILENAME>
3 | #include
| ^
/sources/malicious-gtk-foo.c: In function ‘woot’:
/sources/malicious-gtk-foo.c:8:1: error: expected expression before ‘^’ token
8 | ^Ifprintf(stderr, "HELLO!n");
| ^
ken@deluxe /tmp $echo $?
1
If I give #include a filename likely to exist on BLFS (stddef.h) I get past the first error, but not the second. That is on gcc14.
comment:6 by , 9 months ago
Replying to ken@…:
I called the second part of the PoC malicious-gtk-foo.c but it doesn't compile for me:
ken@deluxe /tmp $gcc -shared -fPIC -o libfoo.so /sources/malicious-gtk-foo.c /sources/malicious-gtk-foo.c:3:9: error: #include expects "FILENAME" or <FILENAME> 3 | #include | ^ /sources/malicious-gtk-foo.c: In function ‘woot’: /sources/malicious-gtk-foo.c:8:1: error: expected expression before ‘^’ token 8 | ^Ifprintf(stderr, "HELLO!n"); | ^ ken@deluxe /tmp $echo $? 1If I give #include a filename likely to exist on BLFS (stddef.h) I get past the first error, but not the second. That is on gcc14.
Hi Ken,
That looks like an insert error. There doesn't seem to be a I in the upstream version. Here's what I got to compile and work successfully:
#include <stdio.h>
static void woot(void) __attribute__((constructor));
static void woot(void) {
fprintf(stderr, "HELLO!\n");
}
comment:7 by , 9 months ago
Thanks. I got it to compile at the second attempt, but when I invoke gimp I do not see the message so for current BLFS-dev I don't think gtk2 is likely to be vulnerable.
On older systems, maybe.
comment:8 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 3a0bebf6bbe319acb4a20bacd815b33afcbcf508
SA-12.1-073 issued
