vim-7.4.160-6.el7
エラータID: AXSA:2019-3915:02
Release date:
Thursday, June 27, 2019 - 08:47
Subject:
vim-7.4.160-6.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Solution:
Update packages.
CVEs:
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Additional Info:
N/A
Download:
SRPMS
- vim-7.4.160-6.el7.src.rpm
MD5: fd6b5d68d0ef47571efc5f499d670454
SHA-256: 1e0452f443c28149799edb94e0b1b6fdc0f6c04580aeec1846078b1a0da72db6
Size: 9.63 MB
Asianux Server 7 for x86_64
- vim-common-7.4.160-6.el7.x86_64.rpm
MD5: 44a4a768277e00060680fcdd3887c6f7
SHA-256: 941b72856ea339b8456730aabf95f8ab973201ca2854809da06a6620e288a54b
Size: 5.91 MB - vim-enhanced-7.4.160-6.el7.x86_64.rpm
MD5: cc8c37f2c04c319909549c8c3d96f899
SHA-256: d92b597f21e462ab01c6fa712dcb9caea0edbfa777e8913369ed468a7fb3e921
Size: 1.04 MB - vim-filesystem-7.4.160-6.el7.x86_64.rpm
MD5: 3bc9d10f10871e4f73948ff30c11b11e
SHA-256: d6436337e1b863a94f2fe86ec95c96ad0329050cd0d2780c73171c0f6e1bf652
Size: 9.45 kB - vim-minimal-7.4.160-6.el7.x86_64.rpm
MD5: f49f15828988d109354afc1db87f0dfd
SHA-256: 3b4b87987b38187026beb64534b3c23e254f805482980c15ba71ebe033d6707b
Size: 436.12 kB - vim-X11-7.4.160-6.el7.x86_64.rpm
MD5: 43a690d39dce1141c7eabed1c75a32f4
SHA-256: 4b375db6777d14b2143f6ab36b007363bf1c9bc9b44659b66f5ec477fa02acab
Size: 1.16 MB