MDVSA-2011:035 -- Mandriva tomboyID: oval:org.secpod.oval:def:300413 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
A vulnerability has been found and corrected in tomboy: The tomboy and tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2 . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |