GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Apr 06, 2009 10:26 pm Post subject: [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path
Gentoo Linux Security Advisory
Title: Eye of GNOME: Untrusted search path (GLSA 200904-06)
Severity: normal
Exploitable: local
Date: April 06, 2009
Bug(s): #257002
ID: 200904-06
Synopsis
An untrusted search path vulnerability in the Eye of GNOME might result in the execution of arbitrary code.
Background
The Eye of GNOME is the official image viewer for the GNOME Desktop environment.
Affected Packages
Package: media-gfx/eog
Vulnerable: < 2.22.3-r3
Unaffected: >= 2.22.3-r3
Architectures: All supported architectures
Description
James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983.
Impact
A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround
Do not run "eog" from untrusted working directories.
Resolution
All Eye of GNOME users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"
References
CVE-2008-5983
CVE-2008-5987
Last edited by GLSA on Sat May 30, 2009 4:19 am; edited 2 times in total
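A defender-side check for the condition this advisory describes, as an added example that is not part of the advisory or of eog: it lists Python module search path entries that resolve against the working directory (CVE-2008-5983 concerns an empty entry being prepended to sys.path) or that other local users can write to. The function name `risky_path_entries` and its reason strings are made up for this illustration, and POSIX permissions are assumed.

```python
import os
import stat
import sys


def risky_path_entries(path_entries, cwd, uid=None):
    """Return (entry, resolved_dir, reason) for each search-path entry that the
    working directory or another local user could populate with modules."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in path_entries:
        # '' and relative entries are resolved against the working directory
        # at import time, so whoever controls cwd controls the import.
        if not os.path.isabs(entry):
            resolved = os.path.realpath(os.path.join(cwd, entry))
            findings.append((entry, resolved, "relative to working directory"))
            continue
        resolved = os.path.realpath(entry)
        try:
            st = os.stat(resolved)
        except OSError:
            continue  # a missing directory cannot supply a module
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip/egg archives are out of scope for this check
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, resolved, "world-writable directory"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, resolved, "owned by another user"))
    return findings


if __name__ == "__main__":
    # Audit the search path of the interpreter running this script.
    for entry, resolved, reason in risky_path_entries(sys.path, os.getcwd()):
        print(f"{entry!r} -> {resolved}: {reason}")
```

Run it with the same interpreter and from the same working directory as the application being checked, since both determine what an empty or relative entry resolves to.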