MDVSA-2010:241 -- Mandriva gnucashID: oval:org.secpod.oval:def:300048 | Date: (C)2012-01-07 (M)2021-07-09 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in gnucash: gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory . The affected /usr/bin/gnc-test-env file has been removed to mitigate the CVE-2010-3999 vulnerability as gnc-test-env is only used for tests and while building gnucash. Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible with guile. This update adapts gnucash to the new API of guile.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |