GLSA Advocate

Posted: Mon Mar 30, 2009 10:26 pm Post subject: [ GLSA 200903-41 ] gedit: Untrusted search path
Gentoo Linux Security Advisory
Title: gedit: Untrusted search path (GLSA 200903-41)
Severity: normal
Exploitable: local
Date: March 30, 2009
Bug(s): #257004
ID: 200903-41
Synopsis
A vulnerability in gedit might allow local attackers to execute arbitrary code.
Background
gedit is a text editor for the GNOME desktop.
Affected Packages
Package: app-editors/gedit
Vulnerable: < 2.24.3
Unaffected: >= 2.22.3-r1 < 2.22.4
Unaffected: >= 2.24.3
Architectures: All supported architectures
Description
James Vega reported that gedit uses the current working directory when searching for Python modules, a vulnerability related to CVE-2008-5983.
Impact
A local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround
Do not run gedit from untrusted working directories.
Resolution
All gedit 2.22.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1"
All gedit 2.24.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3"
References
CVE-2008-5983
CVE-2009-0314
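The condition the advisory describes, a Python module search path that includes the current working directory, can be audited from inside any Python interpreter. The following is an added example, not part of the advisory or of gedit's code; the function names `risky_entries` and `hardened` are hypothetical, and the world-writable directory check goes beyond the case the advisory covers.

```python
import os
import stat
import sys


def risky_entries(search_path, cwd):
    """Return (entry, reason) pairs for module search path entries that
    let files from the working directory, or from a directory any local
    user can write to, be imported."""
    cwd_real = os.path.realpath(cwd)
    findings = []
    for entry in search_path:
        # An empty entry makes Python import from the working directory.
        if entry in ("", "."):
            findings.append((entry, "implicit current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative path, resolved against cwd"))
        elif os.path.realpath(entry) == cwd_real:
            # Catches absolute paths and symlinks that point at cwd.
            findings.append((entry, "is the current directory"))
        else:
            try:
                mode = os.stat(entry).st_mode
            except OSError:
                continue  # a missing entry cannot supply modules
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                findings.append((entry, "world-writable directory"))
    return findings


def hardened(search_path, cwd):
    """Return the search path with every flagged entry removed."""
    risky = {entry for entry, _ in risky_entries(search_path, cwd)}
    return [entry for entry in search_path if entry not in risky]


if __name__ == "__main__":
    # Audit the interpreter this script runs in.
    for entry, reason in risky_entries(sys.path, os.getcwd()):
        print(f"{entry!r}: {reason}")
```

When run as a script, Python places the script's own directory first in `sys.path`, so that entry is reported if the script is started from the directory it lives in.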