Jump to content

Advisories MDVSA-2010:241: gnucash


paul
 Share

Recommended Posts

A vulnerability was discovered and corrected in gnucash:

 

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length

directory name in the LD_LIBRARY_PATH, which allows local users to

gain privileges via a Trojan horse shared library in the current

working directory (CVE-2010-3999).

 

The affected /usr/bin/gnc-test-env file has been removed to mitigate

the CVE-2010-3999 vulnerability as gnc-test-env is only used for

tests and while building gnucash.

 

Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible

with guile. This update adapts gnucash to the new API of guile.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...