=========================================================== Ubuntu Security Notice USN-138-1 June 09, 2005 gedit vulnerability CAN-2005-1686 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gedit The problem can be corrected by upgrading the affected package to version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. This becomes security relevant if e. g. your web browser is configued to open URLs in gedit. If you never open untrusted file names or URLs in gedit, this flaw does not affect you.