Mandriva Linux Security Advisory : gtk+2.0 (MDVSA-2010:109)

Medium Nessus Plugin ID 46743


The remote Mandriva Linux host is missing one or more security updates.


A vulnerability was discovered and fixed in gtk+2.0:

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times (CVE-2010-0732).

Packages for 2008.0 and 2009.0 are provided as part of the Extended Maintenance Program. Please visit this link to learn more: 90

This update fixes this issue.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 46743

File Name: mandriva_MDVSA-2010-109.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2010/05/28

Modified: 2014/12/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.2

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gtk+2.0, p-cpe:/a:mandriva:linux:lib64gail-devel, p-cpe:/a:mandriva:linux:lib64gail18, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:lib64gtk+-x11-2.0_0, p-cpe:/a:mandriva:linux:lib64gtk+2.0_0, p-cpe:/a:mandriva:linux:lib64gtk+2.0_0-devel, p-cpe:/a:mandriva:linux:libgail-devel, p-cpe:/a:mandriva:linux:libgail18, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:libgtk+-x11-2.0_0, p-cpe:/a:mandriva:linux:libgtk+2.0_0, p-cpe:/a:mandriva:linux:libgtk+2.0_0-devel, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/05/27

Reference Information

CVE: CVE-2010-0732

BID: 38211

MDVSA: 2010:109