In order to exploit this vulnerability, a user must open a malicious file or click on a malicious ad in an internet browser.

Affected versions

Gedit versions prior to 1.8.0

Fix advised

To prevent exploitation of this vulnerability, we recommend updating to the latest version of Gedit. Additionally, to maintain a secure system, we recommend following best practices for system security.

How does it work?

Gedit before version 1.8.0 is vulnerable due to the unsafe use of a mod_cgi functionality.
In this functionality, if a user doesn't have permission to view a file, it is not saved.

What should be done?

Update to the latest version.

Follow best practices to maintain a secure system.

Protect the system from malicious activities.

Protect the system from malware attacks.

Protect the system from adware attacks.

Stay up to date with system patches.

For more information on how to protect the system, refer to best practices.

How to update Gedit to the latest version?

1. Download the latest version of Gedit from https://www.gedit.org/download-editors#latest
2. Unzip the downloaded file and find the “gedit” folder in the extracted folder
3. Copy or move the “gedit” folder to the location of your choice on your computer
4. Open a terminal window (e.g., MS-DOS Prompt) and enter the following command:
sudo cp -r /location/of/unzipped/folder . && sudo ln -sf /location/of/unzipped/folder/.gedit .gedit

Timeline

Published on: 10/11/2022 17:15:00 UTC
Last modified on: 10/13/2022 16:29:00 UTC

References