1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200903-16 / epiphany |
| Release Date | March 09, 2009 |
| Latest Revision | March 09, 2009: 01 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-client/epiphany | < 2.22.3-r2 | >= 2.22.3-r2 | All supported architectures |
Related bugreports: #257000
An untrusted search path vulnerability in Epiphany might result in the execution of arbitrary code.
Epiphany is a GNOME web browser based on the Mozilla rendering engine Gecko.
James Vega reported an untrusted search path vulnerability in the Python interface.
A local attacker could entice a user to run Epiphany from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running Epiphany.
Do not run "epiphany" from untrusted working directories.
All Epiphany users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"