Vim Security Update for Oracle Linux 6
Posted on: 07/19/2019 08:19 AM

Updated VIM packages has been released for Oracle Linux 6 to fix an arbitrary command execution via the modeline

Vim Security Update for Oracle Linux 6


Oracle Linux Security Advisory ELSA-2019-1774

http://linux.oracle.com/errata/ELSA-2019-1774.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
vim-X11-7.4.629-5.el6_10.2.i686.rpm
vim-common-7.4.629-5.el6_10.2.i686.rpm
vim-enhanced-7.4.629-5.el6_10.2.i686.rpm
vim-filesystem-7.4.629-5.el6_10.2.i686.rpm
vim-minimal-7.4.629-5.el6_10.2.i686.rpm

x86_64:
vim-X11-7.4.629-5.el6_10.2.x86_64.rpm
vim-common-7.4.629-5.el6_10.2.x86_64.rpm
vim-enhanced-7.4.629-5.el6_10.2.x86_64.rpm
vim-filesystem-7.4.629-5.el6_10.2.x86_64.rpm
vim-minimal-7.4.629-5.el6_10.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/vim-7.4.629-5.el6_10.2.src.rpm



Description of changes:

[2:7.4.629-5.2]
- 1724045 - fix CVE-2019-12735 the :source! command allows arbitrary
command execution via the modeline
- fix spec warnings about expanding macros



Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/vim_security_update_for_oracle_linux_6.html)