Date:         Tue, 3 Aug 1999 09:23:03 -0500
From:         Miguel de Icaza <miguel@GNU.ORG>
Subject:      Gnumeric potential security hole.
To:           BUGTRAQ@SECURITYFOCUS.COM

The Gnumeric spreadsheet contains a number of "plugins".  Some of
these plugins allow users to define functions in Perl, Python and
Guile and export those to the Gnumeric engine.

The Guile plugin was exporting a dangerous function that allowed any
user to execute arbitrary Scheme code.  This means that a Gnumeric
spreadsheet file might have contained malicious code, and it would have
been executed when Gnumeric evaluates the contents of the cell.

To fix this you can either:

   1. Upgrade your Gnumeric to a new version of it.
   2. You can remove the libgnumguile plugin from the system.

best wishes,
Miguel