Jump to content

Advisories MDVSA-2010:241: gnucash


Recommended Posts

A vulnerability was discovered and corrected in gnucash:


gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length

directory name in the LD_LIBRARY_PATH, which allows local users to

gain privileges via a Trojan horse shared library in the current

working directory (CVE-2010-3999).


The affected /usr/bin/gnc-test-env file has been removed to mitigate

the CVE-2010-3999 vulnerability as gnc-test-env is only used for

tests and while building gnucash.


Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible

with guile. This update adapts gnucash to the new API of guile.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...