[SECURITY] Fedora 14 Update: gnucash-2.3.15-2.fc14

Thu Nov 4 23:29:53 UTC 2010

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16762
2010-10-28 05:02:45
--------------------------------------------------------------------------------

Name        : gnucash
Product     : Fedora 14
Version     : 2.3.15
Release     : 2.fc14
URL         : http://gnucash.org/
Summary     : Finance management application
Description :
GnuCash is a personal finance manager. A check-book like register GUI
allows you to enter and track bank accounts, stocks, income and even
currency trades. The interface is designed to be simple and easy to
use, but is backed with double-entry accounting principles to ensure
balanced books.

--------------------------------------------------------------------------------
Update Information:

This removes an unneeded file in GnuCash that could cause a security issue if ran from a directory that other users had write access to.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 21 2010 Bill Nottingham <notting at redhat.com>
- don't ship gnc-test-env (#644933, CVE-2010-3999)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644933 - CVE-2010-3999 gnucash: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644933
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnucash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------