USN-138-1: gedit vulnerability
Posted on: 06/09/2005 11:25 AM

gedit security updates are available for Ubuntu Linux 4.10 and 5.04

==========================================================
Ubuntu Security Notice USN-138-1 June 09, 2005
gedit vulnerability
CAN-2005-1686
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gedit

The problem can be corrected by upgrading the affected package to version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.

This becomes security relevant if e. g. your web browser is configued to open URLs in gedit. If you never open untrusted file names or URLs in gedit, this flaw does not affect you.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.diff.gz
Size/MD5: 9414 605064f69529dfef55e811a14c482c44
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.dsc
Size/MD5: 1751 ef7f5d4ec7adf77d7fe0eca3df751456
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1.orig.tar.gz
Size/MD5: 4082500 38447bcce215ddc90205e60deee1f49a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.8.1-0ubuntu1.1_all.deb
Size/MD5: 1814036 1d7f5fc1152f90b902830602d7a1ae20

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_amd64.deb
Size/MD5: 501052 a58ebb5a3914c37a1f3cc7a339a3eecc

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_i386.deb
Size/MD5: 464902 7e5dc6f7a66976b530b0891c22a52a22

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_powerpc.deb
Size/MD5: 478494 b7b389f80fa6c37871d782e9bc368156

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.diff.gz
Size/MD5: 51287 b163e88c7caf983d1f863533c0d10e54
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.dsc
Size/MD5: 1862 ae8f61880a855ec21f9419b8dcd513b5
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2.orig.tar.gz
Size/MD5: 5148694 9469c2605ff2bcff589312bc0227a79d

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.10.2-0ubuntu2_all.deb
Size/MD5: 834914 56aa2aee8546e88d451c432378d6ef07
http://security.ubuntu.com/ubuntu/pool/universe/g/gedit/gedit-dev_2.10.2-0ubuntu2_all.deb
Size/MD5: 41476 db0cb15d872dd629174d383c93aa8af5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_amd64.deb
Size/MD5: 494800 e0479c5e0e71065b7f38efcd715c4c0b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_i386.deb
Size/MD5: 463338 3aa98938e1a77e3c047d1f45eb895776

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_powerpc.deb
Size/MD5: 478466 3fd8cc7bcc5145dcd8d4c44a1885ffd1


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_138_1_gedit_vulnerability.html)