vim-8.0.1763-21.el8_10
エラータID: AXSA:2025-10962:03
リリース日:
2025/10/15 Wednesday - 18:16
題名:
vim-8.0.1763-21.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された TAR 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53905)
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された ZIP 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53906)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53905
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- vim-8.0.1763-21.el8_10.src.rpm
MD5: 7b6eec757c7f5b5466e265954679e2b4
SHA-256: efe47c91229b32e239132038ca329345a0e5a7f53e78115c4392d7690dd2a1e7
Size: 10.72 MB
Asianux Server 8 for x86_64
- vim-common-8.0.1763-21.el8_10.x86_64.rpm
MD5: e6694d305693ecd4f80e841f17dcfd1e
SHA-256: 97b5cb7a76c316e89b1cbbc0c2cf5a025ae1f4482f8047b3c86c69a924fc9ec1
Size: 6.34 MB - vim-enhanced-8.0.1763-21.el8_10.x86_64.rpm
MD5: 197c50fba1a707da71de7afc7686a1e4
SHA-256: bcd1285fbb0859b9549fb7bbacee86b468490d217133f18d65016d205b62e946
Size: 1.36 MB - vim-filesystem-8.0.1763-21.el8_10.noarch.rpm
MD5: 0b896a2333ec174ccb644e5ae3b32426
SHA-256: d9674aba1242aa229077a680456314a61dc0e21ca08d99ce09e826f30b1bbe49
Size: 49.55 kB - vim-minimal-8.0.1763-21.el8_10.x86_64.rpm
MD5: 577cd6216072ef690af11efe33819993
SHA-256: 5a765736b2df16cbb3fe315c27376e4105659adf97af0383e2b6e64eb06addbc
Size: 574.26 kB - vim-X11-8.0.1763-21.el8_10.x86_64.rpm
MD5: 7056e101bfe5f201e6d062e5afe4b5bc
SHA-256: 86cf2ef8711cdd1f81190165c087143adde0baa94e5c1c9a4cc16723226fb383
Size: 1.50 MB
English