[SECURITY] Fedora 10 Update: gedit-2.24.3-3.fc10

updates at fedoraproject.org updates at fedoraproject.org
Thu Jan 29 23:11:58 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1187
2009-01-29 22:32:49
--------------------------------------------------------------------------------

Name        : gedit
Product     : Fedora 10
Version     : 2.24.3
Release     : 3.fc10
URL         : http://gedit.sourceforge.net/
Summary     : gEdit is a small but powerful text editor for GNOME
Description :
gEdit is a small but powerful text editor designed specifically for
the GNOME GUI desktop.  gEdit includes a plug-in API (which supports
extensibility while keeping the core binary small), support for
editing multiple documents using notebook tabs, and standard text
editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

--------------------------------------------------------------------------------
Update Information:

Untrusted search path vulnerability in gedit's Python module allows local users
to execute arbitrary code via a Trojan horse Python file in the current working
directory, related to an erroneous setting of sys.path by the PySys_SetArgv
function.    References:  http://bugzilla.gnome.org/show_bug.cgi?id=569214
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-
python-files-from-cwd-td18848099.html     The latest stable upstream release of
gedit.  From the release announcement:    New Features and Fixes
======================  - Backport some bugfixes from the developement version
New and updated translations  ============================  - Alexander Shopov
(bg)  - Priit Laes (et)  - Shankar Prasad (kn)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 26 2009 Ray Strode <rstrode at redhat.com> - 1:2.24.3-3
- Fix bug 481556 in a more functional way
* Mon Jan 26 2009 Ray Strode <rstrode at redhat.com> - 1:2.24.3-2
- Fix up python plugin path to close up a security attack
  vectors (bug 481556).
* Thu Jan 15 2009 Matthias Clasen <mclasen at redhat.com> - 1:2.24.3-1
- Update to 2.24.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #481556 - gedit: untrusted python modules search path
        https://bugzilla.redhat.com/show_bug.cgi?id=481556
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gedit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list