A gedit update has been released for Fedora Core 4
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-403
2005-06-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : gedit
Version : 2.10.2
Release : 4
Summary : gEdit is a small but powerful text editor for GNOME.
Description :
gEdit is a small but powerful text editor designed specifically for the GNOME GUI desktop. gEdit includes a plug-in API (which supports extensibility while keeping the core binary small), support for editing multiple documents using notebook tabs, and standard text editor functions.
You'll need to have GNOME and GTK+ installed to use gEdit.
---------------------------------------------------------------------
Update Information:
An updated gedit package that fixes a file name format string vulnerability is now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
gEdit is a small text editor designed specifically for the GNOME GUI desktop.
A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim's machine. Although it is unlikely that a user would manually open a file with such a carefully crafted file name, a user could, for example, be tricked into opening such a file from within an email client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1686 to this issue.
Users of gEdit should upgrade to this updated package, which contains a backported patch to correct this issue.
---------------------------------------------------------------------
* Tue Jun 7 2005 Ray Strode <rstrode@redhat.com> 1:2.10.2-4
- Don't pass user input as format specifiers to
gtk_message_dialog_new (bug 159657).
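
The pattern named in the changelog entry, as an added example that is not gedit's code or the backported patch. dialog_text() is a hypothetical stand-in for the printf-style message argument of gtk_message_dialog_new, and the file name is constructed and benign ("%%" consumes no arguments).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the printf-style message argument of
 * gtk_message_dialog_new(): formats into buf instead of a dialog. */
static int dialog_text(char *buf, size_t n, const char *message_format, ...)
{
    va_list ap;
    va_start(ap, message_format);
    int len = vsnprintf(buf, n, message_format, ap);
    va_end(ap);
    return len;
}

/* Pre-fix pattern: the file name itself is used as the format string. */
static int open_error_unpatched(char *buf, size_t n, const char *filename)
{
    return dialog_text(buf, n, filename);
}

/* Fixed pattern: constant format string, file name passed as data. */
static int open_error_patched(char *buf, size_t n, const char *filename)
{
    return dialog_text(buf, n, "%s", filename);
}

/* Review helper: counts '%' directives a printf-style call would interpret. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++)
        if (*s == '%') {
            count++;
            if (s[1]) s++;   /* skip the character following '%' */
        }
    return count;
}

int main(void)
{
    const char *name = "report-100%%.txt";   /* constructed sample name */
    char a[64], b[64];
    open_error_unpatched(a, sizeof a, name);  /* name is interpreted */
    open_error_patched(b, sizeof b, name);    /* name is shown verbatim */
    printf("unpatched: %s\npatched:   %s\ndirectives: %d\n", a, b, count_directives(name));
    return 0;
}
```

The unpatched call rewrites the displayed name, which shows the file name is being parsed as a format; with the constant "%s" format the name is only ever data.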
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.