gedit: Format string vulnerability — GLSA 200506-09

gedit suffers from a format string vulnerability that could allow arbitrary code execution.

Affected packages

app-editors/gedit on all architectures
Affected versions < 2.10.3
Unaffected versions >= 2.10.3

Background

gedit is the official text editor of the GNOME desktop environment.

Description

A format string vulnerability exists when opening files with names containing format specifiers.
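
As an added illustration of this bug class (not gedit's source and not part of the advisory), the C sketch below contrasts a file name used as the format string with the same name passed as data to a constant format. The function names and the sample file names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if name holds a printf conversion that would consume an
 * argument. "%%" is an escaped literal percent sign and is skipped. */
int has_format_specifier(const char *name)
{
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {
            p++;            /* step over the escaped percent */
            continue;
        }
        return 1;           /* '%' starts a conversion */
    }
    return 0;
}

/* Hardened form: constant format string, file name passed as data. */
int title_safe(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, "%s", filename);
}

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
/* Flawed form, kept for contrast: the file name itself is the format
 * string, so every '%' in it is interpreted by snprintf. */
int title_unsafe(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, filename);
}
#pragma GCC diagnostic pop

int main(void)
{
    /* Constructed sample name; "%%" is the only specifier that is
     * well defined without extra arguments, so it is safe to run. */
    const char *name = "report-100%%.txt";
    char a[64], b[64];

    title_safe(a, sizeof a, name);
    title_unsafe(b, sizeof b, name);
    printf("safe:   %s\nunsafe: %s\n", a, b);
    printf("flagged: %d\n", has_format_specifier("draft-%d.txt"));
    return 0;
}
```

Without the pragma, GCC's `-Wformat-security` warning reports the call in `title_unsafe`, which makes it a useful build flag for finding this pattern in a code base.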

Impact

A specially crafted file with format specifiers in the filename can cause arbitrary code execution.

Workaround

There are no known workarounds at this time.

Resolution

All gedit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.10.3"

References

Release date
June 11, 2005

Latest revision
May 22, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries