Jump to content
Sign in to follow this  

Advisories MDVSA-2010:241: gnucash

Recommended Posts

A vulnerability was discovered and corrected in gnucash:


gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length

directory name in the LD_LIBRARY_PATH, which allows local users to

gain privileges via a Trojan horse shared library in the current

working directory (CVE-2010-3999).


The affected /usr/bin/gnc-test-env file has been removed to mitigate

the CVE-2010-3999 vulnerability as gnc-test-env is only used for

tests and while building gnucash.


Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible

with guile. This update adapts gnucash to the new API of guile.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...