MDVSA-2009:047-1
- Package name
- vim
- Date
- 2009-02-24
- Advisory ID
- MDVSA-2009:047-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Vim working directory
(CVE-2009-0316).
This update provides fix for that vulnerability.
Update:
This update also provides updated packages for Mandriva Linux 2008.0.
Updated packages
2008.0 i586
436928143868ce9f34832375a10709bc 2008.0/i586/vim-common-7.2.065-9.4mdv2008.0.i586.rpm f974a2fc48971d4e6e49f09c112fff0a 2008.0/i586/vim-enhanced-7.2.065-9.4mdv2008.0.i586.rpm 673a6e6bfc2e6bc329182453ca9a139a 2008.0/i586/vim-minimal-7.2.065-9.4mdv2008.0.i586.rpm db5c6e47b9ba3c413ae5bdbd4f2a27a8 2008.0/i586/vim-X11-7.2.065-9.4mdv2008.0.i586.rpm 03b7ff33bf257f18929dd758f97f208c 2008.0/SRPMS/vim-7.2.065-9.4mdv2008.0.src.rpm
2008.0 x86_64
f647d006195b0b753fdd64aa52cc090a 2008.0/x86_64/vim-common-7.2.065-9.4mdv2008.0.x86_64.rpm e5146968fb87dc62e16977d773606210 2008.0/x86_64/vim-enhanced-7.2.065-9.4mdv2008.0.x86_64.rpm e68f05cc9074353ad5d4ba6266fbbf4c 2008.0/x86_64/vim-minimal-7.2.065-9.4mdv2008.0.x86_64.rpm 62872d970553e355e0f9c5c6c784e86e 2008.0/x86_64/vim-X11-7.2.065-9.4mdv2008.0.x86_64.rpm 03b7ff33bf257f18929dd758f97f208c 2008.0/SRPMS/vim-7.2.065-9.4mdv2008.0.src.rpm