GLSA-200903-16 : Epiphany: Untrusted search path
Medium Nessus Plugin ID 35814
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200903-16 (Epiphany: Untrusted search path)
James Vega reported an untrusted search path vulnerability in the Python interface.
A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Epiphany.
Do not run 'epiphany' from untrusted working directories.
SolutionAll Epiphany users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/epiphany-2.22.3-r2'