COMMAND

    gnumeric

SYSTEMS AFFECTED

    RedHat 6.0

PROBLEM

    The following is based on a Red Hat advisory. A potential security
    problem has been fixed in the gnumeric spreadsheet package. At the
    request of the gnumeric maintainer, Red Hat is releasing a new
    version that addresses potential security issues with the version
    of gnumeric shipped in Red Hat Linux 6.0.

    The Gnumeric spreadsheet contains a number of "plugins". Some of
    these plugins allow users to define functions in Perl, Python and
    Guile and export them to the Gnumeric engine. The Guile plugin
    was exporting a dangerous function that allowed any user to
    execute arbitrary Scheme code. This means that a Gnumeric
    spreadsheet file might have contained malicious code, which would
    have been executed when Gnumeric evaluated the contents of the
    cell.
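
    The flaw class described above, as an added toy model in Python
    (not Gnumeric or Guile plugin code, and not part of the advisory).
    The export name scm_eval, the cell syntax and the sample sheet are
    hypothetical, constructed for the illustration.

```python
import re

# Records what code carried in a cell managed to do (constructed marker).
SIDE_EFFECTS = []

def unsafe_eval_export(source):
    """Models a plugin export that evaluates caller-supplied code unrestricted."""
    return eval(source, {"SIDE_EFFECTS": SIDE_EFFECTS})

def plugin_square(x):
    """Models a benign user-defined function exported by a plugin."""
    return float(x) ** 2

# Function table the engine exposes to cell formulas.
# "scm_eval" is a hypothetical name; the advisory does not name the function.
VULNERABLE_EXPORTS = {"square": plugin_square, "scm_eval": unsafe_eval_export}
# Hardened table: the general-purpose evaluator is simply not exported.
HARDENED_EXPORTS = {"square": plugin_square}

CALL = re.compile(r"^=(\w+)\((.*)\)$", re.S)

def evaluate_cell(cell, exports):
    """Evaluate one cell: '=name(arg)' calls an export, anything else is data."""
    m = CALL.match(cell)
    if not m:
        return cell
    name, arg = m.groups()
    if name not in exports:
        return "#NAME?"  # unknown function: report an error, run nothing
    return exports[name](arg.strip().strip('"'))

def open_sheet(cells, exports):
    """Opening a file recalculates every cell; no further user action is needed."""
    return [evaluate_cell(c, exports) for c in cells]

# Constructed sample file: the second cell carries code instead of data.
SAMPLE_SHEET = ["=square(3)", "=scm_eval(\"SIDE_EFFECTS.append('ran')\")", "total"]

if __name__ == "__main__":
    print("hardened:  ", open_sheet(SAMPLE_SHEET, HARDENED_EXPORTS), SIDE_EFFECTS)
    print("vulnerable:", open_sheet(SAMPLE_SHEET, VULNERABLE_EXPORTS), SIDE_EFFECTS)
```

    With the hardened table the untrusted file still loads and the
    benign function still works; only the cell that relies on the
    evaluator export fails with a name error.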

SOLUTION

    RPMs required:

      Intel: ftp://updates.redhat.com/6.0/i386
        gnumeric-0.27-1.i386.rpm

      Alpha: ftp://updates.redhat.com/6.0/alpha
        gnumeric-0.27-1.alpha.rpm

      Sparc: ftp://updates.redhat.com/6.0/sparc
        gnumeric-0.27-1.sparc.rpm