vim-8.2.2637-23.el9_7
エラータID: AXSA:2025-11425:04
リリース日:
2025/12/03 Wednesday - 20:06
題名:
vim-8.2.2637-23.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された TAR 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53905)
- Vim には、ディレクトリトラバーサル攻撃を許容してしまう問題が
あるため、ローカルの攻撃者により、細工された ZIP 形式のアーカイブ
ファイルを開くことを介して、任意のコマンドの実行、および任意の
ファイルの上書きによる破壊を可能とする脆弱性が存在します。
(CVE-2025-53906)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53905
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- vim-8.2.2637-23.el9_7.src.rpm
MD5: dc5ebca9dd0b99f21db75caeae61534e
SHA-256: 0ffb07f164359c3d53dc2044fdf1057327e6be4c9e9daef818c97522a4cd6430
Size: 12.22 MB
Asianux Server 9 for x86_64
- vim-common-8.2.2637-23.el9_7.x86_64.rpm
MD5: 8702d597919efb428cf1b17b1571adaf
SHA-256: 27b6a5c04e69fe8d921a82031b25fd4dbdd221a5194a49eb1a6f3308f274d841
Size: 6.97 MB - vim-enhanced-8.2.2637-23.el9_7.x86_64.rpm
MD5: 23469687ea628aea3b195aa2c93e06b6
SHA-256: faa623140b92467c6c4e7fb2eee33f0dd0edf2e499ddfbc38e9b40c3bfe35e49
Size: 1.75 MB - vim-filesystem-8.2.2637-23.el9_7.noarch.rpm
MD5: d9ae787942799fbd75b89ffb856a3511
SHA-256: e70e9477b33d5a16b5accf18cb9e265ccdb39c08942eeb6ea7e1071446127243
Size: 9.44 kB - vim-minimal-8.2.2637-23.el9_7.x86_64.rpm
MD5: 28bad49042e9c6818a569550b7dabf68
SHA-256: 20c7e535f368434223e0d54bca9f60d4d88311a56a7a07a85ca1ff87283bc808
Size: 669.25 kB - vim-X11-8.2.2637-23.el9_7.x86_64.rpm
MD5: e99da0860847ebc5cccba96f8313dac3
SHA-256: b4912b89236172413185e850bbf36c230753c23ba823d71320a4fe8470c0670d
Size: 1.90 MB
English