Posted: Mon Apr 06, 2009 10:26 pm Post subject: [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path
Gentoo Linux Security Advisory
Title: Eye of GNOME: Untrusted search path (GLSA 200904-06)
Date: April 06, 2009
An untrusted search path vulnerability in the Eye of GNOME might result in the execution of arbitrary code.
The Eye of GNOME is the official image viewer for the GNOME Desktop environment.
Vulnerable: < 2.22.3-r3
Unaffected: >= 2.22.3-r3
Architectures: All supported architectures
James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983.
A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application.
Do not run "eog" from untrusted working directories.
All Eye of GNOME users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"
Last edited by GLSA on Sat May 30, 2009 4:19 am; edited 2 times in total
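An added example, not part of the advisory and not the Eye of GNOME patch: a small Python audit helper for the condition described above. It flags module search path entries that resolve to the working directory and lists files in a directory that would be imported ahead of the system modules. The sample path, the module names (`os`, `gtk`, `gobject`) and the suffix list are assumptions chosen for illustration.

```python
import os

# Suffixes the import system will load as a module (simplified, assumed set).
MODULE_SUFFIXES = (".py", ".pyc", ".so")


def cwd_resolving_entries(path_entries):
    """Return the entries that make imports depend on the working directory."""
    # An empty string or any relative entry is resolved against the cwd.
    return [e for e in path_entries if e == "" or not os.path.isabs(e)]


def strip_cwd_entries(path_entries):
    """Return the search path with working-directory entries removed, order kept."""
    risky = set(cwd_resolving_entries(path_entries))
    return [e for e in path_entries if e not in risky]


def shadowing_files(directory, module_names):
    """List entries in `directory` that would be imported in place of the
    named modules if `directory` came first on the search path."""
    wanted = set(module_names)
    hits = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        stem, ext = os.path.splitext(name)
        if os.path.isfile(full) and ext in MODULE_SUFFIXES and stem in wanted:
            hits.append(name)
        elif (os.path.isdir(full) and name in wanted
              and os.path.isfile(os.path.join(full, "__init__.py"))):
            hits.append(name + "/")  # package directory
    return hits


if __name__ == "__main__":
    # Constructed sample: a search path as an embedded interpreter might see it.
    sample = ["", "/usr/lib/python2.5", "plugins",
              "/usr/lib/python2.5/site-packages"]
    print("cwd-dependent entries:", cwd_resolving_entries(sample))
    print("hardened path:", strip_cwd_entries(sample))
    # Assumed module names; substitute the ones the application imports.
    print("would shadow in cwd:",
          shadowing_files(os.getcwd(), ["os", "gtk", "gobject"]))
```

Run from the directory you intend to start the application in; an empty result from `shadowing_files` only covers the module names you passed.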