Package name
vim
Date
2008-12-03
Advisory ID
MDVSA-2008:236
Affected versions
2009.0 x86_64, CS4.0 x86_64, MNF2.0 i586, 2008.0 i586, 2009.0 i586, CS3.0 x86_64, 2008.0 x86_64, CS3.0 i586, 2008.1 x86_64, 2008.1 i586, CS4.0 i586

Problem description

Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim
system functions. If a user were to open a specially crafted file,
it would be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a
user were to open a special ZIP archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin
that provides the ability to read and write files over the network.
If a user opened a specially crafted file or directory with the netrw
plugin, it could result in the execution of arbitrary code as the
user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and
tag handling. If vim looked up a document's maliciously crafted
tag or keyword, it was possible to execute arbitrary code as the user
running vim (CVE-2008-4101).

A vulnerability was found in certain versions of netrw.vim where it
would send FTP credentials stored for an FTP session to subsequent
FTP sessions to servers on different hosts, exposing FTP credentials
to remote hosts (CVE-2008-4677).

This update provides vim 7.2 (patchlevel 65) which corrects all of
these issues and introduces a number of new features and bug fixes.
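
To confirm that a host is at the level this update provides, the check below parses the text printed by `vim --version`. It is an added example, not part of the original advisory: the sample banners are constructed, the function names are hypothetical, and it assumes the highest listed patch number is the build's patchlevel.

```shell
#!/bin/sh
# Added example: is a `vim --version` banner at or above 7.2 patchlevel 65?
# Constructed sample banners (not captured from a real host).
SAMPLE_FIXED='VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Dec  3 2008 10:00:00)
Included patches: 1-65'
SAMPLE_OLD='VIM - Vi IMproved 7.1 (2007 May 12, compiled Jun  1 2008 10:00:00)
Included patches: 1-266'
SAMPLE_GAP='VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Oct  1 2008 10:00:00)
Included patches: 1-22, 24-60'

# vim_version BANNER -> prints "major.minor" (empty if the banner is not vim's)
vim_version() {
    printf '%s\n' "$1" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# vim_max_patch BANNER -> prints the highest patch number listed (0 if none)
vim_max_patch() {
    printf '%s\n' "$1" | awk '
        /^Included patches:/ {
            sub(/^Included patches:/, "")
            gsub(/[ \t]/, "")
            n = split($0, parts, ",")          # entries are "N" or "A-B"
            for (i = 1; i <= n; i++) {
                m = split(parts[i], r, "-")
                if (r[m] + 0 > max) max = r[m] + 0
            }
        }
        END { print max + 0 }'
}

# vim_meets_advisory BANNER -> 0: at or above 7.2.065, 1: below, 2: unparseable
vim_meets_advisory() {
    ver=$(vim_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}; minor=${ver#*.}
    patch=$(vim_max_patch "$1")
    if [ "$major" -gt 7 ]; then return 0; fi
    if [ "$major" -lt 7 ]; then return 1; fi
    if [ "$minor" -gt 2 ]; then return 0; fi
    if [ "$minor" -lt 2 ]; then return 1; fi
    [ "$patch" -ge 65 ]
}

# Demo on the constructed banners; on a host use: vim_meets_advisory "$(vim --version)"
for b in "$SAMPLE_FIXED" "$SAMPLE_OLD" "$SAMPLE_GAP"; do
    if vim_meets_advisory "$b"; then s="at or above 7.2.065"; else s="below 7.2.065"; fi
    echo "$(vim_version "$b") patch $(vim_max_patch "$b"): $s"
done
```

Patch numbers restart with each vim release, which is why the constructed 7.1 banner with patch 266 still compares as below 7.2.065.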

Updated packages


References