[USN-138-1] gedit vulnerability

Martin Pitt martin.pitt at canonical.com
Thu Jun 9 13:06:19 UTC 2005


===========================================================
Ubuntu Security Notice USN-138-1	      June 09, 2005
gedit vulnerability
CAN-2005-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gedit

The problem can be corrected by upgrading the affected package to
version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.

This becomes security relevant if e. g. your web browser is configued
to open URLs in gedit. If you never open untrusted file names or URLs
in gedit, this flaw does not affect you.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.diff.gz
      Size/MD5:     9414 605064f69529dfef55e811a14c482c44
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.dsc
      Size/MD5:     1751 ef7f5d4ec7adf77d7fe0eca3df751456
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1.orig.tar.gz
      Size/MD5:  4082500 38447bcce215ddc90205e60deee1f49a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.8.1-0ubuntu1.1_all.deb
      Size/MD5:  1814036 1d7f5fc1152f90b902830602d7a1ae20

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_amd64.deb
      Size/MD5:   501052 a58ebb5a3914c37a1f3cc7a339a3eecc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_i386.deb
      Size/MD5:   464902 7e5dc6f7a66976b530b0891c22a52a22

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   478494 b7b389f80fa6c37871d782e9bc368156

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.diff.gz
      Size/MD5:    51287 b163e88c7caf983d1f863533c0d10e54
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.dsc
      Size/MD5:     1862 ae8f61880a855ec21f9419b8dcd513b5
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2.orig.tar.gz
      Size/MD5:  5148694 9469c2605ff2bcff589312bc0227a79d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.10.2-0ubuntu2_all.deb
      Size/MD5:   834914 56aa2aee8546e88d451c432378d6ef07
    http://security.ubuntu.com/ubuntu/pool/universe/g/gedit/gedit-dev_2.10.2-0ubuntu2_all.deb
      Size/MD5:    41476 db0cb15d872dd629174d383c93aa8af5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_amd64.deb
      Size/MD5:   494800 e0479c5e0e71065b7f38efcd715c4c0b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_i386.deb
      Size/MD5:   463338 3aa98938e1a77e3c047d1f45eb895776

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_powerpc.deb
      Size/MD5:   478466 3fd8cc7bcc5145dcd8d4c44a1885ffd1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050609/42fe976c/attachment.pgp>


More information about the ubuntu-security-announce mailing list