[CentOS] gigantic memory leak in Clock Applet...

Mon Jan 7 16:03:25 UTC 2013
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

m.roth at 5-cent.us wrote:
> ken wrote:
>>> On Sun, Jan 06, 2013 at 06:23:20PM -0500, ken wrote:
>>>> On 01/06/2013 05:18 PM fred smith wrote:
>>>>> On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote:
>>>>>> On 01/06/2013 09:55 AM fred smith wrote:
>>>>>>> On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote:
>>>>>>>> Fred,
>>>>>>>> Also running an up-to-date 5.8 but with just 2G of RAM,
>>>>>>>> clock-applet consumes the following:
>>>>>>>> 4133 me  15   0 29568 3748 2944 S  0.0  0.2 190:51.33 clock-applet
> <snip>
>>>>> it's the same version and size as yours, but the md5sum differs. have
>>>>> you perhaps disabled prelink? (I don't call that I have ever done so)
>>>>> It's not obvious to me what other (legitimate) event would account for
>>>>> the difference in checksum.
> <snip>
> I've not been in this thread, but the above cmt *deeply* disturbs me. I'd
> start by yum remove the package with the applet and reinstall... after
> double checking what mirror it's getting the package from.
> Yes, an infected repo is what's running through my mind, or a hijacked URL.

highly unlikely IMO.
Remember: packages are signed. A bad guy would also need to have the 
centos key...

and I believe prelink does this sort of thing.