Ludwig Nussel discovered that tomboy contained a script that could be abused by an attacker to execute arbitrary code.
The vulnerability is due to an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries in directories other than the standard paths. When there is an empty item in the colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as a '.' (current working directory). If the given script is executed from a directory where a local attacker could write files, there is a chance for exploitation.
In Fedora, both /usr/bin/tomboy and /usr/bin/tomboy-panel re-set LD_LIBRARY_PATH insecurely:
A solution is to patch the script to use ':+:' properly:
Created tomboy tracking bugs for this issue
Affects: fedora-all [bug 644956]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.