---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-402
2005-06-26
---------------------------------------------------------------------
Product     : Fedora Core 3
Name        : gedit
Version     : 2.8.1
Release     : 2.fc3.1
Summary     : gEdit is a small but powerful text editor for GNOME.
Description :
gEdit is a small but powerful text editor designed specifically for
the GNOME GUI desktop.  gEdit includes a plug-in API (which supports
extensibility while keeping the core binary small), support for
editing multiple documents using notebook tabs, and standard text
editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

---------------------------------------------------------------------
Update Information:

An updated gedit package that fixes a file name format string vulnerability 
is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

gEdit is a small text editor designed specifically for the GNOME GUI desktop.

A file name format string vulnerability has been discovered in gEdit. It is
possible for an attacker to create a file with a carefully crafted name
which, when the file is opened, executes arbitrary instructions on a
victim's machine. Although it is unlikely that a user would manually open a
file with such a carefully crafted file name, a user could, for example, be
tricked into opening such a file from within an email client.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1686 to this issue. 

Users of gEdit should upgrade to this updated package, which contains a
backported patch to correct this issue.    

---------------------------------------------------------------------
* Tue Jun  7 2005 Ray Strode  1:2.8.1-2.fc3.1

- Don't pass user input as format specifiers to
  gtk_message_dialog_new (bug 159657).
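
The changelog entry above names the fix pattern: text taken from a file name must be passed as an argument to a constant format, never as the format itself. The C example below is added here for illustration and is not gedit's patch or code from the advisory; `dialog_text` is a hypothetical stand-in for the printf-style `gtk_message_dialog_new`, the helper names are assumptions, and the file name is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gtk_message_dialog_new(): like the GTK call it
 * takes a printf-style message_format plus varargs, but it writes the
 * dialog text into out instead of creating a widget. */
int dialog_text(char *out, size_t n, const char *message_format, ...)
{
    va_list ap;
    va_start(ap, message_format);
    int len = vsnprintf(out, n, message_format, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern (shown for contrast, never called here): the file name
 * ends up inside the format string, so any '%' directive in it makes the
 * formatter read arguments that were never passed. */
int open_error_unsafe(char *out, size_t n, const char *filename)
{
    char msg[512];
    snprintf(msg, sizeof msg, "Could not open the file \"%s\".", filename);
    return dialog_text(out, n, msg);            /* msg used as the format */
}

/* Fixed pattern: the format is a constant; the file name is only data. */
int open_error_safe(char *out, size_t n, const char *filename)
{
    return dialog_text(out, n, "Could not open the file \"%s\".", filename);
}

/* Count '%' directives a formatter would act on ("%%" is a literal '%'). */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    const char *name = "notes_%s_%x.txt";       /* constructed sample name */
    char text[256];
    open_error_safe(text, sizeof text, name);
    printf("%s (directives in name: %d)\n", text, count_directives(name));
    return 0;
}
```

Building callers with `-Wformat -Wformat-security` flags the unsafe call shape at compile time when the formatting function is declared with a printf format attribute.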


---------------------------------------------------------------------
This update can be downloaded from:
  
0cda03e960fa2a10affb26df06a137c8  SRPMS/gedit-2.8.1-2.fc3.1.src.rpm
e17d271ac464e23edd551516afae1c7f  x86_64/gedit-2.8.1-2.fc3.1.x86_64.rpm
e0c4cd2e6cfbd7c089521acae61e9320  x86_64/gedit-devel-2.8.1-2.fc3.1.x86_64.rpm
462896c74e203ef95b002f649cbee289  x86_64/debug/gedit-debuginfo-2.8.1-2.fc3.1.x86_64.rpm
c95bab56d29eed0c5320ada147fba03d  i386/gedit-2.8.1-2.fc3.1.i386.rpm
d4d49f857df7b492cd45f00d9f06efda  i386/gedit-devel-2.8.1-2.fc3.1.i386.rpm
72902a585ff2c43b57840b24d1868ecc  i386/debug/gedit-debuginfo-2.8.1-2.fc3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------
Thanks go to Bernd Bartmann for reminding me to send this announcement
out.  Sorry for the delay.

Ray Strode

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 3 Update: gedit-2.8.1-2.fc3.1

June 27, 2005