Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2009:047

Package name: vim
Date: 2009-02-20
Advisory ID: MDVSA-2009:047
Affected versions: 2009.0 x86_64 , CS4.0 x86_64 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Vim working directory
(CVE-2009-0316).

This update provides fix for that vulnerability.

Updated packages

2009.0 x86_64

 aeb75cedee9fd79166081bf668ea0352  2009.0/x86_64/vim-common-7.2.065-9.4mdv2009.0.x86_64.rpm
 a9d409d922685cb50d586a8491c09b2d  2009.0/x86_64/vim-enhanced-7.2.065-9.4mdv2009.0.x86_64.rpm
 c25e203db3affdcc92ae9f61e18a6b94  2009.0/x86_64/vim-minimal-7.2.065-9.4mdv2009.0.x86_64.rpm
 cba91cb0eb04eaf8a0d66945bcac27c7  2009.0/x86_64/vim-X11-7.2.065-9.4mdv2009.0.x86_64.rpm 
 86227d005c6b04472cdb6974b30a48a3  2009.0/SRPMS/vim-7.2.065-9.4mdv2009.0.src.rpm

CS4.0 x86_64

 e3ef575ebe9d451918bba0974f252fff  corporate/4.0/x86_64/vim-common-7.2.065-8.4.20060mlcs4.x86_64.rpm
 e4dba02a44db3d1bb015c0b6d706068d  corporate/4.0/x86_64/vim-enhanced-7.2.065-8.4.20060mlcs4.x86_64.rpm
 01a1b385fa91b09d8cb455b0e00a3c3d  corporate/4.0/x86_64/vim-minimal-7.2.065-8.4.20060mlcs4.x86_64.rpm
 ad6eccac9a06fc448e2c7c02a41b451e  corporate/4.0/x86_64/vim-X11-7.2.065-8.4.20060mlcs4.x86_64.rpm 
 756bcb8cb1c12ac26100a8adb91a6d36  corporate/4.0/SRPMS/vim-7.2.065-8.4.20060mlcs4.src.rpm

2009.0 i586

 3cbaf0960a636911a3dc5ebb4482aac1  2009.0/i586/vim-common-7.2.065-9.4mdv2009.0.i586.rpm
 98962347be901e074acba95df9e51e8a  2009.0/i586/vim-enhanced-7.2.065-9.4mdv2009.0.i586.rpm
 6e5030b0750b5ed64b45f87a0f0770bf  2009.0/i586/vim-minimal-7.2.065-9.4mdv2009.0.i586.rpm
 09b38a1e6a2e3ece1ab3d9cf25c7931f  2009.0/i586/vim-X11-7.2.065-9.4mdv2009.0.i586.rpm 
 86227d005c6b04472cdb6974b30a48a3  2009.0/SRPMS/vim-7.2.065-9.4mdv2009.0.src.rpm

CS3.0 x86_64

 001e6850a8d5c24f545d2b842a0d31bf  corporate/3.0/x86_64/vim-common-7.2.065-9.4.C30mdk.x86_64.rpm
 976f15ad4fb5e8979c45acf1c0f4889d  corporate/3.0/x86_64/vim-enhanced-7.2.065-9.4.C30mdk.x86_64.rpm
 a05142f50f57c35e5b81fbef41eed031  corporate/3.0/x86_64/vim-minimal-7.2.065-9.4.C30mdk.x86_64.rpm
 4636bb35f09b8b0c2c4adf05fcf8f3d5  corporate/3.0/x86_64/vim-X11-7.2.065-9.4.C30mdk.x86_64.rpm 
 0c3e94a53652145dd02c037e5740210d  corporate/3.0/SRPMS/vim-7.2.065-9.4.C30mdk.src.rpm

CS4.0 i586

 68325d5f4973816a33018b83e8a883e0  corporate/4.0/i586/vim-common-7.2.065-8.4.20060mlcs4.i586.rpm
 a6e29df8b488a11f89dc02871bd25c8b  corporate/4.0/i586/vim-enhanced-7.2.065-8.4.20060mlcs4.i586.rpm
 c2ec746cb77f28c38c332b94e803adef  corporate/4.0/i586/vim-minimal-7.2.065-8.4.20060mlcs4.i586.rpm
 cf1c95b73df93569a2f4299ccb1e6a77  corporate/4.0/i586/vim-X11-7.2.065-8.4.20060mlcs4.i586.rpm 
 756bcb8cb1c12ac26100a8adb91a6d36  corporate/4.0/SRPMS/vim-7.2.065-8.4.20060mlcs4.src.rpm

CS3.0 i586

 f7378e4ba0cdbab4f404e4d207e013d0  corporate/3.0/i586/vim-common-7.2.065-9.4.C30mdk.i586.rpm
 2e30d992a32a9d1a4f1e9cf636c12120  corporate/3.0/i586/vim-enhanced-7.2.065-9.4.C30mdk.i586.rpm
 7a39e14e5ac9d823927475f7e65536ba  corporate/3.0/i586/vim-minimal-7.2.065-9.4.C30mdk.i586.rpm
 0808562e19bbeb9261ed97518c4db364  corporate/3.0/i586/vim-X11-7.2.065-9.4.C30mdk.i586.rpm 
 0c3e94a53652145dd02c037e5740210d  corporate/3.0/SRPMS/vim-7.2.065-9.4.C30mdk.src.rpm

2008.1 x86_64

 2fc74f91f3134cfbb4ddf266f4c81659  2008.1/x86_64/vim-common-7.2.065-9.4mdv2008.1.x86_64.rpm
 b10ac883baa13e6f404be5404bf023c8  2008.1/x86_64/vim-enhanced-7.2.065-9.4mdv2008.1.x86_64.rpm
 84d71e11328246511654f8c34721a7a5  2008.1/x86_64/vim-minimal-7.2.065-9.4mdv2008.1.x86_64.rpm
 44c0cc92ec24962e9fb80ea0429b77f5  2008.1/x86_64/vim-X11-7.2.065-9.4mdv2008.1.x86_64.rpm 
 f6653998de83c4a6b41a3510c4379e98  2008.1/SRPMS/vim-7.2.065-9.4mdv2008.1.src.rpm

2008.1 i586

 1e86866ea2a5c062e08f1f94da6be2b1  2008.1/i586/vim-common-7.2.065-9.4mdv2008.1.i586.rpm
 bb21a092c349505b86eefc07d6923ac8  2008.1/i586/vim-enhanced-7.2.065-9.4mdv2008.1.i586.rpm
 3cc6bc402cc562750b3f919945051215  2008.1/i586/vim-minimal-7.2.065-9.4mdv2008.1.i586.rpm
 c5cbfd6686356940de9b17332ee72e27  2008.1/i586/vim-X11-7.2.065-9.4mdv2008.1.i586.rpm 
 f6653998de83c4a6b41a3510c4379e98  2008.1/SRPMS/vim-7.2.065-9.4mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0316