vim-8.2.2637-22.el9_6.1
エラータID: AXSA:2025-10959:02
リリース日:
2025/10/15 Wednesday - 13:56
題名:
vim-8.2.2637-22.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された TAR 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53905)
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された ZIP 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53906)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53905
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- vim-8.2.2637-22.el9_6.1.src.rpm
MD5: fa38eee3fff12150b7fe6c100a3e9b81
SHA-256: 85f25a49891c3bde9c76d1089e23dd5e8c8413d4deb3b7666098c9c19e221ecd
Size: 12.22 MB
Asianux Server 9 for x86_64
- vim-common-8.2.2637-22.el9_6.1.x86_64.rpm
MD5: 445fce51f3e0104ad8a77e9e2d302da1
SHA-256: c1c74b716a950cf853ec734daf0052fc512088db440a85246aafe885b510d87d
Size: 6.97 MB - vim-enhanced-8.2.2637-22.el9_6.1.x86_64.rpm
MD5: 9efb5973cb4b8c688fb6db2ef0b3ada7
SHA-256: d12bcff93e1cca3cd46eb8dae9a8ad54ed5574117c21997bef4d381373e866a1
Size: 1.75 MB - vim-filesystem-8.2.2637-22.el9_6.1.noarch.rpm
MD5: ec7bf58172882ad2fee2e0ed665c772b
SHA-256: 66cdfea59b02f99ef883a1a9dca2c954f7616a90856d1706ae46c03f84f3b427
Size: 9.45 kB - vim-minimal-8.2.2637-22.el9_6.1.x86_64.rpm
MD5: 9dbf36d61b5a30a92208aaf9c93ced9a
SHA-256: 5005e9cf702e1577aefa94add9c65df4a6dfb31165b2f3f48d8af1b035ab4faa
Size: 669.37 kB - vim-X11-8.2.2637-22.el9_6.1.x86_64.rpm
MD5: f7b5bf9dd5be8aadc2925bd8d6c07b43
SHA-256: 86e3657291767603ede5224eeb6b19162b0e8cbf5ee14649275b81e15cade439
Size: 1.91 MB
English