[SECURITY] Fedora 9 Update: gedit-2.22.3-3.fc9

updates at fedoraproject.org updates at fedoraproject.org
Thu Jan 29 23:12:13 UTC 2009

Fedora Update Notification
2009-01-29 22:32:51

Name        : gedit
Product     : Fedora 9
Version     : 2.22.3
Release     : 3.fc9
URL         : http://gedit.sourceforge.net/
Summary     : gEdit is a small but powerful text editor for GNOME
Description :
gEdit is a small but powerful text editor designed specifically for
the GNOME GUI desktop.  gEdit includes a plug-in API (which supports
extensibility while keeping the core binary small), support for
editing multiple documents using notebook tabs, and standard text
editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

Update Information:

Untrusted search path vulnerability in gedit's Python module allows local users
to execute arbitrary code via a Trojan horse Python file in the current working
directory, related to an erroneous setting of sys.path by the PySys_SetArgv
function.    References:  http://bugzilla.gnome.org/show_bug.cgi?id=569214
python-files-from-cwd-td18848099.html     The latest stable upstream release of
gedit.  From the release announcement:    New Features and Fixes
======================  - Backport some bugfixes from the developement version
New and updated translations  ============================  - Alexander Shopov
(bg)  - Priit Laes (et)  - Shankar Prasad (kn)

* Mon Jan 26 2009 Ray Strode <rstrode at redhat.com> - 1:2.22.3-3
- Fix bug 481556 in a more functional way.
* Mon Jan 26 2009 Ray Strode <rstrode at redhat.com> - 1:2.22.3-2
- Fix up python plugin path to close up a security attack
  vectors (bug 481556).

  [ 1 ] Bug #481556 - gedit: untrusted python modules search path

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gedit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the Fedora-package-announce mailing list