Bug 90339 (CVE-2005-1686) - VUL-0: CVE-2005-1686: gedit format string bug
Summary: VUL-0: CVE-2005-1686: gedit format string bug
Status: RESOLVED FIXED
Alias: CVE-2005-1686
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVE-2005-1686: CVSS v2 Base Score: 2....
Reported: 2005-06-10 07:19 UTC by Ludwig Nussel
Modified: 2021-11-03 14:42 UTC
Found By: Other
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Ludwig Nussel 2005-06-10 07:19:25 UTC
We received the following report via full-disclosure.
The issue is public.

See also

http://bugzilla.gnome.org/show_bug.cgi?id=306800
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159657

Is gedit associated with any filetype by default?


Date: Thu, 9 Jun 2005 15:06:19 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-138-1] gedit vulnerability

===========================================================
Ubuntu Security Notice USN-138-1	      June 09, 2005
gedit vulnerability
CAN-2005-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gedit

The problem can be corrected by upgrading the affected package to
version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.

This becomes security relevant if e. g. your web browser is configured
to open URLs in gedit. If you never open untrusted file names or URLs
in gedit, this flaw does not affect you.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.diff.gz
      Size/MD5:     9414 605064f69529dfef55e811a14c482c44
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.dsc
      Size/MD5:     1751 ef7f5d4ec7adf77d7fe0eca3df751456
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1.orig.tar.gz
      Size/MD5:  4082500 38447bcce215ddc90205e60deee1f49a

[...]
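
The bug class the advisory describes, as an added example; it is not gedit's code and not part of the original report. The helper `show_error`, both `report_open_error_*` functions and the sample file name are hypothetical and assume the file name ends up in an error message passed to a printf-style function.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog API: formats into out.
 * Declaring such helpers with __attribute__((format(printf, 3, 4))) and
 * building with -Wformat -Wformat-security makes GCC flag the unsafe call. */
static int show_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the finished message, file name included, is handed over as the
 * format string, so conversion specifiers inside the name are interpreted. */
static int report_open_error_unsafe(char *out, size_t n, const char *filename)
{
    char msg[512];
    snprintf(msg, sizeof msg, "Could not open the file \"%s\".", filename);
    return show_error(out, n, msg);
}

/* AFTER: the format is a constant; untrusted text is only ever an argument. */
static int report_open_error_safe(char *out, size_t n, const char *filename)
{
    return show_error(out, n, "Could not open the file \"%s\".", filename);
}

int main(void)
{
    /* Constructed sample name. "%%" is the one specifier that consumes no
     * argument, so the unsafe call stays well-defined while still showing
     * that the name is being parsed as a format. */
    const char *name = "budget-100%%.txt";
    char a[512], b[512];

    report_open_error_unsafe(a, sizeof a, name);
    report_open_error_safe(b, sizeof b, name);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe path prints the name with one `%` dropped, which is the visible sign that file-name bytes reached the format parser; the safe path prints it verbatim.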
Comment 1 Stanislav Brabec 2005-06-13 16:17:30 UTC
Gedit is associated as default for text/plain.

Package gedit fixed for: sles9-sld-all 9.1-all 9.2-all 9.3-all

Package gedit2 fixed for: sles8-slec-all ul1-all 8.2-all 9.0-all 

For versions 2.10 and 2.8 patches from
http://bugzilla.gnome.org/show_bug.cgi?id=306800 were used. For older releases,
parts of the patch were backported.

Package gedit updated for: stable-all plus

Reassigning to security team. Please create patchinfos.
Comment 2 Ludwig Nussel 2005-06-14 14:53:32 UTC
SM-Tracker-1557 
Comment 3 Marcus Meissner 2005-06-21 11:33:51 UTC
updates approved 
Comment 4 Thomas Biege 2009-10-13 21:27:24 UTC
CVE-2005-1686: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)