RHSA-2005:745-01 Low: vim security update
Posted on: 08/22/2005 01:19 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: vim security update
Advisory ID: RHSA-2005:745-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-745.html
Issue date: 2005-08-22
Updated on: 2005-08-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2368
- ---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

VIM (VIsual editor iMproved) is a version of the vi editor.

A bug was found in the way VIM processes modelines. If a user with
modelines enabled opens a text file with a carefully crafted modeline,
arbitrary commands may be executed as the user running VIM. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2368
to this issue.

Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164279 - CAN-2005-2368 vim modeline arbitrary command execution


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCd5UXlSAg2UNWIIRApPbAJsGqtRhB0WDZdiiqOHUxMOf3PhAVgCdGY/v
9TDz3N/seCyAmHw4BJPxNYE=
=niXL
-----END PGP SIGNATURE-----
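
To confirm that a host actually carries the fixed builds named in section 6, the following added example (not part of the Red Hat advisory) compares installed vim packages against the advisory's version-release strings using a simplified form of rpm's segment-wise comparison. The names `FIXED`, `rpmvercmp`, `evr_cmp` and `stale_packages` are hypothetical, the sample lines are constructed, and the input is assumed to come from `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` with epochs ignored.

```python
import re

# Fixed version-release per RHEL line, taken from the SRPM names in the advisory.
FIXED = {"2.1": "6.0-7.22", "3": "6.3.046-0.30E.4", "4": "6.3.046-0.40E.7"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm: returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")  # "046" and "46" compare equal
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def stale_packages(rhel, query_lines):
    """Return names of packages older than the fixed build for this RHEL line."""
    stale = []
    for line in query_lines:
        name, evr = line.split()
        if evr_cmp(evr, FIXED[rhel]) < 0:
            stale.append(name)
    return stale

# Constructed sample: one package left behind on an older (made-up) build.
SAMPLE_RHEL4 = [
    "vim-common 6.3.046-0.40E.7",
    "vim-minimal 6.3.046-0.40E.4",
    "vim-enhanced 6.3.046-0.40E.7",
]

if __name__ == "__main__":
    print(stale_packages("4", SAMPLE_RHEL4))
```
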



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005745_01_low_vim_security_update.html)