
Fedora 10 gedit 2.24.3-3 Critical: Local Code Execution Threat

fedora
January 29, 2009
Critical vulnerability detected in gedit's Python functionality, permitting local malware execution through rogue scripts; immediate remediation recommended.
Untrusted search path vulnerability in gedit's Python module allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related...

Summary

gEdit is a small but powerful text editor designed specifically for the GNOME GUI desktop. gEdit includes a plug-in API (which supports extensibility while keeping the core binary small), support for editing multiple documents using notebook tabs, and standard text editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

Untrusted search path vulnerability in gedit's Python module allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. References:

The latest stable upstream release of gedit. From the release announcement:

New Features and Fixes
======================
- Backport some bugfixes from the development version

New and updated translations
============================
- Alexander Shopov (bg)
- Priit Laes (et)
- Shankar Prasad (kn)

* Mon Jan 26 2009 Ray Strode - 1:2.24.3-3
- Fix bug 481556 in a more functional way

* Mon Jan 26 2009 Ray Strode - 1:2.24.3-2
- Fix up python plugin path to close up a security attack vectors (bug 481556).

* Thu Jan 15 2009 Matthias Clasen - 1:2.24.3-1
- Update to 2.24.3

[1] Bug #481556 - gedit: untrusted python modules search path
https://bugzilla.redhat.com/show_bug.cgi?id=481556
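
The search-path condition described in the summary can be checked from inside any embedded Python interpreter by looking for sys.path entries that resolve against the current working directory. The following is an added example, not code from gedit or the Fedora package; the function name, the sample path list and the directory names are constructed for illustration.

```python
import os
import sys

# Constructed sample: the kind of sys.path an embedding application ends up
# with when PySys_SetArgv is called with an argv[0] that is not a script
# path. The leading "" makes Python import modules from the working directory.
SAMPLE_EMBEDDED_PATH = [
    "",
    "/usr/lib/python2.5",
    "/usr/lib/python2.5/site-packages",
    "plugins",  # relative entry, also resolved against the working directory
]


def audit_sys_path(path_entries, cwd):
    """Split a sys.path-style list into (safe, risky).

    An entry is risky when imports through it are served from the process's
    current working directory: the empty string, any relative path, or an
    absolute path that is the working directory itself.
    """
    cwd_real = os.path.realpath(cwd)
    safe, risky = [], []
    for entry in path_entries:
        if entry == "" or not os.path.isabs(entry):
            risky.append((entry, "resolved against the working directory"))
        elif os.path.realpath(entry) == cwd_real:
            risky.append((entry, "is the working directory"))
        else:
            safe.append(entry)
    return safe, risky


def hardened_path(path_entries, cwd):
    """Return the list with every working-directory-dependent entry removed."""
    safe, _ = audit_sys_path(path_entries, cwd)
    return safe


if __name__ == "__main__":
    # Audit the interpreter this script runs in, then the constructed sample.
    for label, entries in (("live sys.path", sys.path),
                           ("constructed sample", SAMPLE_EMBEDDED_PATH)):
        _, risky = audit_sys_path(entries, os.getcwd())
        print(label)
        for entry, reason in risky:
            print("  risky entry %r: %s" % (entry, reason))
```
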

Use su -c 'yum update gedit' at the command line.

For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: critical

Product: Fedora 10
Version: 2.24.3
Release: 3.fc10
Summary: gEdit is a small but powerful text editor for GNOME
