blob: 167fd1f6c6be62aa9001d0d0716cb9f1ee6a2737 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200904-03">
<title>Gnumeric: Untrusted search path</title>
An untrusted search path vulnerability in Gnumeric might result in the
execution of arbitrary code.
<product type="ebuild">gnumeric</product>
<announced>April 03, 2009</announced>
<revised>April 03, 2009: 01</revised>
<package name="app-office/gnumeric" auto="yes" arch="*">
<unaffected range="ge">1.8.4-r1</unaffected>
<vulnerable range="lt">1.8.4-r1</vulnerable>
The Gnumeric spreadsheet is a versatile application developed as part
of the GNOME Office project.
James Vega reported an untrusted search path vulnerability in the
GObject Python interpreter wrapper in Gnumeric.
<impact type="normal">
A local attacker could entice a user to run Gnumeric from a directory
containing a specially crafted python module, resulting in the
execution of arbitrary code with the privileges of the user running
Do not run "gnumeric" from untrusted working directories.
All Gnumeric users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/gnumeric-1.8.4-r1&quot;</code>
<uri link="">CVE-2009-0318</uri>
<metadata tag="submitter" timestamp="Thu, 02 Apr 2009 12:39:58 +0000">
<metadata tag="bugReady" timestamp="Thu, 02 Apr 2009 12:40:05 +0000">