logo
DATABASE RESOURCES PRICING ABOUT US

gedit: Untrusted search path

Description

### Background gedit is a text editor for the GNOME desktop. ### Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. ### Impact A local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. ### Workaround Do not run gedit from untrusted working directories. ### Resolution All gedit 2.22.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1" All gedit 2.24.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3"


Affected Package


OS OS Version Package Name Package Version
Gentoo any app-editors/gedit 2.24.3

Related