[UCI-Linux] Fedora Core 4 Update: gedit-2.10.2-4

Mike Iglesias IGLESIAS at uci.edu
Sun Jun 26 22:05:32 PDT 2005

From: Ray Strode <rstrode at redhat.com>
To: fedora-announce-list at redhat.com
Date: Sun, 26 Jun 2005 17:18:25 -0400
Subject: Fedora Core 4 Update: gedit-2.10.2-4

Fedora Update Notification

Product     : Fedora Core 4
Name        : gedit
Version     : 2.10.2                      
Release     : 4                  
Summary     : gEdit is a small but powerful text editor for GNOME.
Description :
gEdit is a small but powerful text editor designed specifically for
the GNOME GUI desktop.  gEdit includes a plug-in API (which supports
extensibility while keeping the core binary small), support for
editing multiple documents using notebook tabs, and standard text
editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

Update Information:

An updated gedit package that fixes a file name format string vulnerability 
is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

gEdit is a small text editor designed specifically for the GNOME GUI desktop.

A file name format string vulnerability has been discovered in gEdit. It is
possible for an attacker to create a file with a carefully crafted name
which, when the file is opened, executes arbitrary instructions on a
victim's machine. Although it is unlikely that a user would manually open a
file with such a carefully crafted file name, a user could, for example, be
tricked into opening such a file from within an email client.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1686 to this issue. 

Users of gEdit should upgrade to this updated package, which contains a
backported patch to correct this issue.

* Tue Jun  7 2005 Ray Strode <rstrode at redhat.com> 1:2.10.2-4

- Don't pass user input as format specifiers to
  gtk_message_dialog_new (bug 159657).

This update can be downloaded from:


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

Thanks go to Bernd Bartmann for reminding me to send this announcement
out.  Sorry for the delay.

Ray Strode
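
The changelog entry above describes the fix as no longer passing user input as the format argument of gtk_message_dialog_new. As an added illustration (not code from gedit or from this announcement), the C sketch below contrasts the two call patterns, using a hypothetical stand-in `dialog_new` with the same printf-style contract and a constructed file name.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog constructor such as
 * gtk_message_dialog_new(): it expands message_format into out. */
static int dialog_new(char *out, size_t len, const char *message_format, ...)
{
    va_list ap;
    va_start(ap, message_format);
    int n = vsnprintf(out, len, message_format, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the message already contains the file name and is
 * then used as the format string, so any '%' in the name is parsed. */
int open_error_unsafe(char *out, size_t len, const char *file_name)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Could not open \"%s\"", file_name);
    return dialog_new(out, len, msg);
}

/* Corrected pattern: constant format, user-influenced text as an argument. */
int open_error_safe(char *out, size_t len, const char *file_name)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Could not open \"%s\"", file_name);
    return dialog_new(out, len, "%s", msg);
}

int main(void)
{
    /* Constructed sample name. "%%" takes no argument, so the unsafe call
     * stays well defined while still showing that the name is parsed. */
    const char *name = "notes-100%%.txt";
    char a[300], b[300];
    open_error_unsafe(a, sizeof a, name);
    open_error_safe(b, sizeof b, name);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe call collapses the doubled percent sign because the name was treated as a format, while the safe call displays the name byte for byte.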
