=========================================================== Ubuntu Security Notice USN-138-1 June 09, 2005 gedit vulnerability CAN-2005-1686 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gedit The problem can be corrected by upgrading the affected package to version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. This becomes security relevant if e. g. your web browser is configued to open URLs in gedit. If you never open untrusted file names or URLs in gedit, this flaw does not affect you. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.diff.gz Size/MD5: 9414 605064f69529dfef55e811a14c482c44 http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.dsc Size/MD5: 1751 ef7f5d4ec7adf77d7fe0eca3df751456 http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1.orig.tar.gz Size/MD5: 4082500 38447bcce215ddc90205e60deee1f49a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.8.1-0ubuntu1.1_all.deb Size/MD5: 1814036 1d7f5fc1152f90b902830602d7a1ae20 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_amd64.deb Size/MD5: 501052 a58ebb5a3914c37a1f3cc7a339a3eecc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_i386.deb Size/MD5: 464902 7e5dc6f7a66976b530b0891c22a52a22 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1_powerpc.deb Size/MD5: 478494 b7b389f80fa6c37871d782e9bc368156 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.diff.gz Size/MD5: 51287 b163e88c7caf983d1f863533c0d10e54 http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2.dsc Size/MD5: 1862 ae8f61880a855ec21f9419b8dcd513b5 http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2.orig.tar.gz Size/MD5: 5148694 9469c2605ff2bcff589312bc0227a79d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit-common_2.10.2-0ubuntu2_all.deb Size/MD5: 834914 56aa2aee8546e88d451c432378d6ef07 http://security.ubuntu.com/ubuntu/pool/universe/g/gedit/gedit-dev_2.10.2-0ubuntu2_all.deb Size/MD5: 41476 db0cb15d872dd629174d383c93aa8af5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_amd64.deb Size/MD5: 494800 e0479c5e0e71065b7f38efcd715c4c0b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_i386.deb Size/MD5: 463338 3aa98938e1a77e3c047d1f45eb895776 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.10.2-0ubuntu2_powerpc.deb Size/MD5: 478466 3fd8cc7bcc5145dcd8d4c44a1885ffd1
Attachment:
signature.asc
Description: Digital signature