Subject: | |
From: | |
Reply To: | |
Date: | Tue, 25 Nov 2008 13:37:42 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: vim security update
Issue date: 2008-11-25
CVE Names: CVE-2007-2953 CVE-2008-2712 CVE-2008-3074
CVE-2008-3075 CVE-2008-3076 CVE-2008-3432
CVE-2008-4101
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)
SL3 and SL4 Only:
A heap-based overflow flaw was discovered in Vim's expansion of file name
patterns with shell wildcards. An attacker could create a specially-crafted
file or directory name that, when opened by Vim, caused the application to
crash or, possibly, execute arbitrary code. (CVE-2008-3432)
SL5 Only:
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)
SL5 Only:
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)
SL5 Only:
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user runnin Vim.
(CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)
SL 3.0.x
SRPMS:
vim-6.3.046-0.30E.11.src.rpm
i386:
vim-common-6.3.046-0.30E.11.i386.rpm
vim-enhanced-6.3.046-0.30E.11.i386.rpm
vim-minimal-6.3.046-0.30E.11.i386.rpm
vim-X11-6.3.046-0.30E.11.i386.rpm
x86_64:
vim-common-6.3.046-0.30E.11.x86_64.rpm
vim-enhanced-6.3.046-0.30E.11.x86_64.rpm
vim-minimal-6.3.046-0.30E.11.x86_64.rpm
vim-X11-6.3.046-0.30E.11.x86_64.rpm
SL 4.x
SRPMS:
vim-6.3.046-1.el4_7.5z.src.rpm
i386:
vim-common-6.3.046-1.el4_7.5z.i386.rpm
vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm
vim-minimal-6.3.046-1.el4_7.5z.i386.rpm
vim-X11-6.3.046-1.el4_7.5z.i386.rpm
x86_64:
vim-common-6.3.046-1.el4_7.5z.x86_64.rpm
vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm
vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm
vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm
SL 5.x
SRPMS:
vim-7.0.109-4.el5_2.4z.src.rpm
i386:
vim-common-7.0.109-4.el5_2.4z.i386.rpm
vim-enhanced-7.0.109-4.el5_2.4z.i386.rpm
vim-minimal-7.0.109-4.el5_2.4z.i386.rpm
vim-X11-7.0.109-4.el5_2.4z.i386.rpm
x86_64:
vim-common-7.0.109-4.el5_2.4z.x86_64.rpm
vim-enhanced-7.0.109-4.el5_2.4z.x86_64.rpm
vim-minimal-7.0.109-4.el5_2.4z.x86_64.rpm
vim-X11-7.0.109-4.el5_2.4z.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|