GKSu: Arbitrary command execution — GLSA 201812-10

A vulnerability in GKSu might allow attackers to execute arbitrary commands.

Affected packages

x11-libs/gksu on all architectures
Affected versions <= 2.0.2
Unaffected versions

Background

A library that provides a Gtk+ frontend to su and sudo.

Description

A vulnerability was discovered in GKSu’s gksu-run-helper.

Impact

An attacker could execute arbitrary commands.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for GKSu and recommends that users unmerge the package:

 # emerge --unmerge "x11-libs/gksu"
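
Before unmerging, it helps to confirm which hosts actually have the package and what would lose a runtime dependency. The following is an added example, not part of the advisory or of Gentoo's tooling; it assumes Portage's installed-package database at its default path /var/db/pkg, with one directory per installed package and an RDEPEND file inside it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit Portage's installed-package database (VDB) for
# x11-libs/gksu. Assumption: VDB root is /var/db/pkg unless given as $1.

# Print every installed x11-libs/gksu version, one per line.
# The glob requires a digit after "gksu-", so x11-libs/libgksu is not matched.
gksu_installed() {
    vdb="${1:-/var/db/pkg}"
    for d in "$vdb"/x11-libs/gksu-[0-9]*; do
        [ -d "$d" ] || continue
        printf 'x11-libs/%s\n' "${d##*/}"
    done
}

# Print installed packages whose recorded runtime dependencies name the
# x11-libs/gksu atom, i.e. packages affected by the unmerge.
gksu_revdeps() {
    vdb="${1:-/var/db/pkg}"
    for f in "$vdb"/*/*/RDEPEND; do
        [ -f "$f" ] || continue
        # One token per line, then reduce each dependency atom to
        # category/name: drop operators, USE flags, slot and version.
        if tr -s ' \t' '\n\n' < "$f" |
            sed -e 's/^[!<>=~]*//' \
                -e 's/\[.*$//' \
                -e 's/:.*$//' \
                -e 's/-[0-9][^-]*\(-r[0-9]*\)\{0,1\}$//' |
            grep -qx 'x11-libs/gksu'
        then
            p="${f%/RDEPEND}"   # <vdb>/<category>/<name-version>
            c="${p%/*}"         # <vdb>/<category>
            printf '%s/%s\n' "${c##*/}" "${p##*/}"
        fi
    done
}
```

Source the file and call `gksu_installed` and `gksu_revdeps`; empty output from the first means the host has nothing to unmerge.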
 

References

Release date
December 30, 2018

Latest revision
December 30, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries