GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Mar 09, 2009 7:26 pm Post subject: [ GLSA 200903-16 ] Epiphany: Untrusted search path
Gentoo Linux Security Advisory
Title: Epiphany: Untrusted search path (GLSA 200903-16)
Severity: normal
Exploitable: local
Date: March 09, 2009
Bug(s): #257000
ID: 200903-16
Synopsis
An untrusted search path vulnerability in Epiphany might result in the
execution of arbitrary code.
Background
Epiphany is a GNOME web browser based on the Mozilla rendering engine
Gecko.
Affected Packages
Package: www-client/epiphany
Vulnerable: < 2.22.3-r2
Unaffected: >= 2.22.3-r2
Architectures: All supported architectures
Description
James Vega reported an untrusted search path vulnerability in the
Python interface.
Impact
A local attacker could entice a user to run Epiphany from a directory
containing a specially crafted Python module, resulting in the
execution of arbitrary code with the privileges of the user running
Epiphany.
Workaround
Do not run "epiphany" from untrusted working directories.
Resolution
All Epiphany users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"
References
CVE-2008-5985
Last edited by GLSA on Thu Aug 15, 2013 4:27 am; edited 2 times in total
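An added example, not part of the advisory and not Epiphany's code: a Python audit for the class of problem described above. It flags module search path entries that resolve against the working directory or can be written by other local users, and lists which module names a given directory would supply. The function names `risky_path_entries` and `importable_names` are assumptions made for illustration.

```python
import os
import stat
import sys

def risky_path_entries(search_path, uid=None):
    """Return (entry, reason) pairs for entries other local users could influence."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in search_path:
        # '' and other relative entries are resolved against the working
        # directory at import time, so whoever controls that directory
        # controls which module is loaded.
        if not os.path.isabs(entry):
            findings.append((entry, "relative: resolved against the working directory"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # nonexistent entries cannot supply modules
        if not stat.S_ISDIR(st.st_mode):
            continue  # e.g. zip archives; not covered by this check
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, "owned by another non-root user"))
    return findings

def importable_names(directory):
    """List module names that `directory` would provide if it were searched."""
    names = set()
    for name in os.listdir(directory):
        full = os.path.join(directory, name)
        if name.startswith("."):
            continue
        if os.path.isfile(full) and name.endswith((".py", ".pyc", ".so")):
            names.add(name.split(".")[0])
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            names.add(name)
    return sorted(names)

if __name__ == "__main__":
    # Audit the running interpreter and show what the working directory offers.
    for entry, reason in risky_path_entries(sys.path):
        print(f"{entry!r}: {reason}")
    print("importable from cwd:", importable_names(os.getcwd()))
```

A name reported by `importable_names` that matches a standard library or application module is the case the workaround guards against.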