Debian DSA-753-1 : gedit - format string

Nessus Plugin ID 18674 (severity: low)

Synopsis

The remote Debian host is missing a security-related update.

Description

A format string vulnerability has been discovered in gedit, a light-weight text editor for GNOME, that may allow attackers to cause a denial of service (application crash) via a binary file with format string specifiers in the filename. Since gedit supports opening files via 'http://' URLs (through GNOME vfs) and other schemes, this might be a remotely exploitable vulnerability.

The old stable distribution (woody) is not vulnerable to this problem.

Solution

Upgrade the gedit package.

For the stable distribution (sarge) this problem has been fixed in version 2.8.3-4sarge1.

See Also

http://www.debian.org/security/2005/dsa-753

Plugin Details

Severity: Low

ID: 18674

File Name: debian_DSA-753.nasl

Version: 1.19

Type: local

Agent: unix

Published: 7/12/2005

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gedit, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 7/12/2005

Vulnerability Publication Date: 5/20/2005

Reference Information

CVE: CVE-2005-1686

DSA: 753