USN-6899-1
- Source
- https://ubuntu.com/security/notices/USN-6899-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6899-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6899-1
- Related
- Published
- 2024-07-16T13:03:44.132550Z
- Modified
- 2024-07-16T13:03:44.132550Z
- Summary
- gtk+2.0, gtk+3.0 vulnerability
- Details
-
It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges.
- References
Affected packages
Ubuntu:20.04:LTS / gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.32-4ubuntu4.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "gir1.2-gtk-2.0"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "gtk2-engines-pixbuf"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "gtk2-engines-pixbuf-dbgsym"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "gtk2.0-examples"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "gtk2.0-examples-dbgsym"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail-common"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail-common-dbgsym"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail-dev"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail-doc"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail18"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail18-dbgsym"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgail18-udeb"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-0"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-0-dbgsym"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-0-udeb"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-bin"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-common"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-dev"
},
{
"binary_version": "2.24.32-4ubuntu4.1",
"binary_name": "libgtk2.0-doc"
}
]
}
Ubuntu:20.04:LTS / gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.20-0ubuntu1.2
Affected versions
3.*
3.24.12-1ubuntu1
3.24.13-1ubuntu1
3.24.14-1ubuntu1
3.24.17-3ubuntu1
3.24.18-1ubuntu1
3.24.20-0ubuntu1
3.24.20-0ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "gir1.2-gtk-3.0"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "gtk-3-examples"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "gtk-3-examples-dbgsym"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "gtk-update-icon-cache"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "gtk-update-icon-cache-dbgsym"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgail-3-0"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgail-3-0-dbgsym"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgail-3-dev"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgail-3-doc"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-0"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-0-dbgsym"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-0-udeb"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-bin"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-bin-dbgsym"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-common"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-dev"
},
{
"binary_version": "3.24.20-0ubuntu1.2",
"binary_name": "libgtk-3-doc"
}
]
}
Ubuntu:22.04:LTS / gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.33-2ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "gir1.2-gtk-2.0"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "gtk2-engines-pixbuf"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "gtk2-engines-pixbuf-dbgsym"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "gtk2.0-examples"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "gtk2.0-examples-dbgsym"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail-common"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail-common-dbgsym"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail-dev"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail-doc"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail18"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgail18-dbgsym"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-0"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-0-dbgsym"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-bin"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-common"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-dev"
},
{
"binary_version": "2.24.33-2ubuntu2.1",
"binary_name": "libgtk2.0-doc"
}
]
}
Ubuntu:22.04:LTS / gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.33-1ubuntu2.2
Affected versions
3.*
3.24.30-1ubuntu1
3.24.30-3ubuntu1
3.24.30-3ubuntu2
3.24.31-1ubuntu1
3.24.32-0ubuntu1
3.24.33-1ubuntu1
3.24.33-1ubuntu2
3.24.33-1ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "gir1.2-gtk-3.0"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "gtk-3-examples"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "gtk-3-examples-dbgsym"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "gtk-update-icon-cache"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "gtk-update-icon-cache-dbgsym"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgail-3-0"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgail-3-0-dbgsym"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgail-3-dev"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgail-3-doc"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-0"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-0-dbgsym"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-bin"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-bin-dbgsym"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-common"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-dev"
},
{
"binary_version": "3.24.33-1ubuntu2.2",
"binary_name": "libgtk-3-doc"
}
]
}
Ubuntu:24.04:LTS / gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.33-4ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "gir1.2-gtk-2.0"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "gtk2-engines-pixbuf"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "gtk2-engines-pixbuf-dbgsym"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail-common"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail-common-dbgsym"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail-dev"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail-doc"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail18t64"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgail18t64-dbgsym"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-0t64"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-0t64-dbgsym"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-bin"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-common"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-dev"
},
{
"binary_version": "2.24.33-4ubuntu1.1",
"binary_name": "libgtk2.0-doc"
}
]
}
Ubuntu:24.04:LTS / gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.41-4ubuntu1.1
Affected versions
3.*
3.24.38-5ubuntu1
3.24.38-5ubuntu2
3.24.39-1ubuntu1
3.24.40-2ubuntu1
3.24.41-1.1ubuntu3
3.24.41-1.1ubuntu4
3.24.41-4ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "gir1.2-gtk-3.0"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "gtk-3-examples"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "gtk-3-examples-dbgsym"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "gtk-update-icon-cache"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "gtk-update-icon-cache-dbgsym"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgail-3-0t64"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgail-3-0t64-dbgsym"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgail-3-dev"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgail-3-doc"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-0t64"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-0t64-dbgsym"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-bin"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-bin-dbgsym"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-common"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-dev"
},
{
"binary_version": "3.24.41-4ubuntu1.1",
"binary_name": "libgtk-3-doc"
}
]
}