GLSA-200904-03 : Gnumeric: Untrusted search path
Medium Nessus Plugin ID 36086
Synopsis
The remote Gentoo host is missing one or more security-related patches.

Description
The remote host is affected by the vulnerability described in GLSA-200904-03 (Gnumeric: Untrusted search path)
James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric.
A local attacker could entice a user to run Gnumeric from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Gnumeric.
Do not run 'gnumeric' from untrusted working directories.
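
An added example, not part of the advisory or of Gnumeric's code: a defensive check that lists Python module search path entries a local user could plant a module in, which is the condition the description above relies on. The function name `audit_search_path` and the wording of the findings are assumptions made for this example.

```python
import os
import stat
import sys


def audit_search_path(entries, uid=None):
    """Return (entry, reason) pairs for module search path entries in
    which a local user other than `uid` (or root) could place a module."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in entries:
        # "" and relative entries are resolved against the working
        # directory at import time, the situation this advisory describes.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "resolved against the working directory"))
            continue
        try:
            st = os.stat(entry)  # follows symlinks to the real target
        except OSError:
            continue  # missing entry: nothing is imported from it today
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip archives and similar are out of scope here
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, "owned by another user"))
    return findings


if __name__ == "__main__":
    # Audit the search path of the interpreter running this script.
    for entry, reason in audit_search_path(sys.path):
        print(f"{entry!r}: {reason}")
```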

Solution
All Gnumeric users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-office/gnumeric-1.8.4-r1'