[RHSA-2005:745-01] Low: vim security update

bugzilla at redhat.com bugzilla at redhat.com
Mon Aug 22 14:16:53 UTC 2005


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: vim security update
Advisory ID:       RHSA-2005:745-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-745.html
Issue date:        2005-08-22
Updated on:        2005-08-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2368
---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

VIM (VIsual editor iMproved) is a version of the vi editor.   

A bug was found in the way VIM processes modelines. If a user with
modelines enabled opens a text file with a carefully crafted modeline,
arbitrary commands may be executed as the user running VIM. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2368
to this issue.
 
Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.
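
To triage files from untrusted sources on systems that have not yet been updated, the sketch below lists the modelines Vim would consider in a file. It is an added example, not code from Red Hat or the Vim project. The regular expression is a simplified approximation of the modeline syntax in Vim's documentation, and `find_modelines` and the sample text are constructed for illustration.

```python
import re

# Vim only inspects the first and last 'modelines' lines of a file (default 5).
MODELINES_DEFAULT = 5

# Simplified modeline prefix: "vi:" or "vim:" (optionally with a version
# constraint such as "vim>=600:") at line start or after whitespace, or
# "ex:" after whitespace. Everything after the prefix is the settings text.
MODELINE_RE = re.compile(r"(?:(?:^|\s)(?:vi|[vV]im[<=>]?\d*)|\sex):\s*(.*)$")


def find_modelines(text, modelines=MODELINES_DEFAULT):
    """Return [(line_number, settings)] for lines Vim would treat as modelines."""
    lines = text.splitlines()
    n = len(lines)
    # Head and tail windows; the set union avoids double-counting short files.
    head = set(range(min(modelines, n)))
    tail = set(range(max(n - modelines, 0), n))
    hits = []
    for i in sorted(head | tail):
        m = MODELINE_RE.search(lines[i])
        if m:
            hits.append((i + 1, m.group(1).strip()))
    return hits


# Constructed sample file contents (not taken from the advisory).
SAMPLE = "\n".join([
    "#!/bin/sh",
    "# vim: set ts=4 sw=4 et:",   # line 2: inside the head window
    "echo one",
    "echo two",
    "echo three",
    "echo four",
    "# vim: set ft=c:",           # line 7: outside both windows, ignored
    "echo five",
    "echo six",
    "echo navi: done",            # "vi:" not preceded by whitespace, ignored
    "echo seven",
    "# vi:noai:sw=3",             # line 12: inside the tail window
])

if __name__ == "__main__":
    for lineno, settings in find_modelines(SAMPLE):
        print(f"line {lineno}: {settings}")
```

A file that produces any hits deserves review before it is opened in an unpatched VIM with modelines enabled; `set nomodeline` in the user's vimrc turns modeline processing off until the updated packages are installed.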

4. Solution:

Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 
 
This update is available via Red Hat Network.  To use Red Hat Network, 
launch the Red Hat Update Agent with the following command: 
 
up2date 
 
This will start an interactive process that will result in the 
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164279 - CAN-2005-2368 vim modeline arbitrary command execution


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.22.src.rpm
719114adb0832e14e2e88e6ff83a6ffe  vim-6.0-7.22.src.rpm

i386:
104bac9feab3d01ea8925c0481f0804f  vim-X11-6.0-7.22.i386.rpm
99ee9e8ff887b9478b2fa8395edc2c6a  vim-common-6.0-7.22.i386.rpm
27bfb5ae7f01b5d33100d0c71c1b18ce  vim-enhanced-6.0-7.22.i386.rpm
16abf305958e4491998f58de45703b79  vim-minimal-6.0-7.22.i386.rpm

ia64:
a59088f23c02c6f9d52d4d630a38eda6  vim-X11-6.0-7.22.ia64.rpm
eec185f945687b4e40ab7bf531de6229  vim-common-6.0-7.22.ia64.rpm
bd90b0f4c9b28ed43ba28acd2f8a312f  vim-enhanced-6.0-7.22.ia64.rpm
54578b4ca37bad8ff0a3be7a4b654d0c  vim-minimal-6.0-7.22.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.22.src.rpm
719114adb0832e14e2e88e6ff83a6ffe  vim-6.0-7.22.src.rpm

ia64:
a59088f23c02c6f9d52d4d630a38eda6  vim-X11-6.0-7.22.ia64.rpm
eec185f945687b4e40ab7bf531de6229  vim-common-6.0-7.22.ia64.rpm
bd90b0f4c9b28ed43ba28acd2f8a312f  vim-enhanced-6.0-7.22.ia64.rpm
54578b4ca37bad8ff0a3be7a4b654d0c  vim-minimal-6.0-7.22.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.22.src.rpm
719114adb0832e14e2e88e6ff83a6ffe  vim-6.0-7.22.src.rpm

i386:
104bac9feab3d01ea8925c0481f0804f  vim-X11-6.0-7.22.i386.rpm
99ee9e8ff887b9478b2fa8395edc2c6a  vim-common-6.0-7.22.i386.rpm
27bfb5ae7f01b5d33100d0c71c1b18ce  vim-enhanced-6.0-7.22.i386.rpm
16abf305958e4491998f58de45703b79  vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.22.src.rpm
719114adb0832e14e2e88e6ff83a6ffe  vim-6.0-7.22.src.rpm

i386:
104bac9feab3d01ea8925c0481f0804f  vim-X11-6.0-7.22.i386.rpm
99ee9e8ff887b9478b2fa8395edc2c6a  vim-common-6.0-7.22.i386.rpm
27bfb5ae7f01b5d33100d0c71c1b18ce  vim-enhanced-6.0-7.22.i386.rpm
16abf305958e4491998f58de45703b79  vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm
b641243591379284dac93099ecf5d97d  vim-6.3.046-0.30E.4.src.rpm

i386:
62a9c4c046c7ca958b0b6904261dfb0e  vim-X11-6.3.046-0.30E.4.i386.rpm
4696813b685d6afd35be1496978e7dbe  vim-common-6.3.046-0.30E.4.i386.rpm
91335f3fe94955e8214df17e5c90083f  vim-enhanced-6.3.046-0.30E.4.i386.rpm
44b31284599dea17971d04d69831f8fb  vim-minimal-6.3.046-0.30E.4.i386.rpm

ia64:
6f9589a9d973060b71f642cf727e2f58  vim-X11-6.3.046-0.30E.4.ia64.rpm
2ceba89647f26fdf8c7e893d8bfa7e8d  vim-common-6.3.046-0.30E.4.ia64.rpm
73c566459e7e8de46cc6f19431a57b2c  vim-enhanced-6.3.046-0.30E.4.ia64.rpm
8087a713fd9d3cdbf1074926519166d5  vim-minimal-6.3.046-0.30E.4.ia64.rpm

ppc:
813ffad3b98f8c892b8c5903e4d27d2e  vim-X11-6.3.046-0.30E.4.ppc.rpm
5c2ca151372e51d5a20b10cce19890bf  vim-common-6.3.046-0.30E.4.ppc.rpm
221fe7968c756a0f00072421aaf30158  vim-enhanced-6.3.046-0.30E.4.ppc.rpm
fb5741c3b749ca84ecdb09d211d5898b  vim-minimal-6.3.046-0.30E.4.ppc.rpm

s390:
65d7f40c16974dd9072100f1f1f7d1d1  vim-X11-6.3.046-0.30E.4.s390.rpm
2d48d6be2667ad5ec03e06700c945175  vim-common-6.3.046-0.30E.4.s390.rpm
ce22307cf11d8426505791ca6d233cb6  vim-enhanced-6.3.046-0.30E.4.s390.rpm
a4a0e10883721dc72b1febf19bd89c6c  vim-minimal-6.3.046-0.30E.4.s390.rpm

s390x:
5547916eb79a26e110fa4c684f4112e6  vim-X11-6.3.046-0.30E.4.s390x.rpm
b345578932db26bff59472a8bab31d4a  vim-common-6.3.046-0.30E.4.s390x.rpm
ddedf5962c2e1564b5a819e8d2e07b90  vim-enhanced-6.3.046-0.30E.4.s390x.rpm
b2a44ba8b8211147931a652e10780b15  vim-minimal-6.3.046-0.30E.4.s390x.rpm

x86_64:
f486ae74052fd72b3232e03c6d04892d  vim-X11-6.3.046-0.30E.4.x86_64.rpm
0ba8572080b6337f494cea32402b8770  vim-common-6.3.046-0.30E.4.x86_64.rpm
023d6e760c0ed69bb4d266ac9e95c5aa  vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
dbda6a6fa0e3fb84b656d7bbedf589d9  vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm
b641243591379284dac93099ecf5d97d  vim-6.3.046-0.30E.4.src.rpm

i386:
62a9c4c046c7ca958b0b6904261dfb0e  vim-X11-6.3.046-0.30E.4.i386.rpm
4696813b685d6afd35be1496978e7dbe  vim-common-6.3.046-0.30E.4.i386.rpm
91335f3fe94955e8214df17e5c90083f  vim-enhanced-6.3.046-0.30E.4.i386.rpm
44b31284599dea17971d04d69831f8fb  vim-minimal-6.3.046-0.30E.4.i386.rpm

x86_64:
f486ae74052fd72b3232e03c6d04892d  vim-X11-6.3.046-0.30E.4.x86_64.rpm
0ba8572080b6337f494cea32402b8770  vim-common-6.3.046-0.30E.4.x86_64.rpm
023d6e760c0ed69bb4d266ac9e95c5aa  vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
dbda6a6fa0e3fb84b656d7bbedf589d9  vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm
b641243591379284dac93099ecf5d97d  vim-6.3.046-0.30E.4.src.rpm

i386:
62a9c4c046c7ca958b0b6904261dfb0e  vim-X11-6.3.046-0.30E.4.i386.rpm
4696813b685d6afd35be1496978e7dbe  vim-common-6.3.046-0.30E.4.i386.rpm
91335f3fe94955e8214df17e5c90083f  vim-enhanced-6.3.046-0.30E.4.i386.rpm
44b31284599dea17971d04d69831f8fb  vim-minimal-6.3.046-0.30E.4.i386.rpm

ia64:
6f9589a9d973060b71f642cf727e2f58  vim-X11-6.3.046-0.30E.4.ia64.rpm
2ceba89647f26fdf8c7e893d8bfa7e8d  vim-common-6.3.046-0.30E.4.ia64.rpm
73c566459e7e8de46cc6f19431a57b2c  vim-enhanced-6.3.046-0.30E.4.ia64.rpm
8087a713fd9d3cdbf1074926519166d5  vim-minimal-6.3.046-0.30E.4.ia64.rpm

x86_64:
f486ae74052fd72b3232e03c6d04892d  vim-X11-6.3.046-0.30E.4.x86_64.rpm
0ba8572080b6337f494cea32402b8770  vim-common-6.3.046-0.30E.4.x86_64.rpm
023d6e760c0ed69bb4d266ac9e95c5aa  vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
dbda6a6fa0e3fb84b656d7bbedf589d9  vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm
b641243591379284dac93099ecf5d97d  vim-6.3.046-0.30E.4.src.rpm

i386:
62a9c4c046c7ca958b0b6904261dfb0e  vim-X11-6.3.046-0.30E.4.i386.rpm
4696813b685d6afd35be1496978e7dbe  vim-common-6.3.046-0.30E.4.i386.rpm
91335f3fe94955e8214df17e5c90083f  vim-enhanced-6.3.046-0.30E.4.i386.rpm
44b31284599dea17971d04d69831f8fb  vim-minimal-6.3.046-0.30E.4.i386.rpm

ia64:
6f9589a9d973060b71f642cf727e2f58  vim-X11-6.3.046-0.30E.4.ia64.rpm
2ceba89647f26fdf8c7e893d8bfa7e8d  vim-common-6.3.046-0.30E.4.ia64.rpm
73c566459e7e8de46cc6f19431a57b2c  vim-enhanced-6.3.046-0.30E.4.ia64.rpm
8087a713fd9d3cdbf1074926519166d5  vim-minimal-6.3.046-0.30E.4.ia64.rpm

x86_64:
f486ae74052fd72b3232e03c6d04892d  vim-X11-6.3.046-0.30E.4.x86_64.rpm
0ba8572080b6337f494cea32402b8770  vim-common-6.3.046-0.30E.4.x86_64.rpm
023d6e760c0ed69bb4d266ac9e95c5aa  vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
dbda6a6fa0e3fb84b656d7bbedf589d9  vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm
998b74b81555dd0de71aff94af5974bc  vim-6.3.046-0.40E.7.src.rpm

i386:
4b5da36806ad3797360adc3bdcdb228e  vim-X11-6.3.046-0.40E.7.i386.rpm
6318e32a59fbb384b134bb7374c55b86  vim-common-6.3.046-0.40E.7.i386.rpm
1f22c28d6d856ece02748167a9369f6d  vim-enhanced-6.3.046-0.40E.7.i386.rpm
206c32710b4bc504c2be35b4b5ecf127  vim-minimal-6.3.046-0.40E.7.i386.rpm

ia64:
ef7404bd22dbd423098bf698e6ecb26a  vim-X11-6.3.046-0.40E.7.ia64.rpm
ad363dd68e1b7a17124c9fb53366b4c2  vim-common-6.3.046-0.40E.7.ia64.rpm
f51bfd05a709cf238a8cc7ded20486cb  vim-enhanced-6.3.046-0.40E.7.ia64.rpm
16d524482f33edb3330e1e7be7e2b5ac  vim-minimal-6.3.046-0.40E.7.ia64.rpm

ppc:
5ad278b1e5491d8e8c972e9a77a58255  vim-X11-6.3.046-0.40E.7.ppc.rpm
1db40dd090924c092f2de2e3a6feb92e  vim-common-6.3.046-0.40E.7.ppc.rpm
68a488570856102b877df40c21d9533d  vim-enhanced-6.3.046-0.40E.7.ppc.rpm
0100e370d117ee4f3519a0082be21797  vim-minimal-6.3.046-0.40E.7.ppc.rpm

s390:
71667bd231b7e487dfa358f6778a3e4b  vim-X11-6.3.046-0.40E.7.s390.rpm
a84d5604e9d2774ad021433a56194a94  vim-common-6.3.046-0.40E.7.s390.rpm
9f71ff6c9a67e6274d9001852a3c8b19  vim-enhanced-6.3.046-0.40E.7.s390.rpm
171d74ca135383894c1ed0beb01c8c1e  vim-minimal-6.3.046-0.40E.7.s390.rpm

s390x:
fa609585aa9e1560d54b06aeefc9719a  vim-X11-6.3.046-0.40E.7.s390x.rpm
4c76afa7473c9b84af1b4c02969fa931  vim-common-6.3.046-0.40E.7.s390x.rpm
879bddaefa444fc0ae4fb1b44aa93869  vim-enhanced-6.3.046-0.40E.7.s390x.rpm
51b8c7371ea60611350746b9e5ac68ea  vim-minimal-6.3.046-0.40E.7.s390x.rpm

x86_64:
ebd79be3473d17260d4facd9509a73e6  vim-X11-6.3.046-0.40E.7.x86_64.rpm
7d2ae388363aaa07f110739706b13599  vim-common-6.3.046-0.40E.7.x86_64.rpm
c8057314de1c5e21bf34cf064b512964  vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
271b29bbb88eb5b453d9a70c3207338a  vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm
998b74b81555dd0de71aff94af5974bc  vim-6.3.046-0.40E.7.src.rpm

i386:
4b5da36806ad3797360adc3bdcdb228e  vim-X11-6.3.046-0.40E.7.i386.rpm
6318e32a59fbb384b134bb7374c55b86  vim-common-6.3.046-0.40E.7.i386.rpm
1f22c28d6d856ece02748167a9369f6d  vim-enhanced-6.3.046-0.40E.7.i386.rpm
206c32710b4bc504c2be35b4b5ecf127  vim-minimal-6.3.046-0.40E.7.i386.rpm

x86_64:
ebd79be3473d17260d4facd9509a73e6  vim-X11-6.3.046-0.40E.7.x86_64.rpm
7d2ae388363aaa07f110739706b13599  vim-common-6.3.046-0.40E.7.x86_64.rpm
c8057314de1c5e21bf34cf064b512964  vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
271b29bbb88eb5b453d9a70c3207338a  vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm
998b74b81555dd0de71aff94af5974bc  vim-6.3.046-0.40E.7.src.rpm

i386:
4b5da36806ad3797360adc3bdcdb228e  vim-X11-6.3.046-0.40E.7.i386.rpm
6318e32a59fbb384b134bb7374c55b86  vim-common-6.3.046-0.40E.7.i386.rpm
1f22c28d6d856ece02748167a9369f6d  vim-enhanced-6.3.046-0.40E.7.i386.rpm
206c32710b4bc504c2be35b4b5ecf127  vim-minimal-6.3.046-0.40E.7.i386.rpm

ia64:
ef7404bd22dbd423098bf698e6ecb26a  vim-X11-6.3.046-0.40E.7.ia64.rpm
ad363dd68e1b7a17124c9fb53366b4c2  vim-common-6.3.046-0.40E.7.ia64.rpm
f51bfd05a709cf238a8cc7ded20486cb  vim-enhanced-6.3.046-0.40E.7.ia64.rpm
16d524482f33edb3330e1e7be7e2b5ac  vim-minimal-6.3.046-0.40E.7.ia64.rpm

x86_64:
ebd79be3473d17260d4facd9509a73e6  vim-X11-6.3.046-0.40E.7.x86_64.rpm
7d2ae388363aaa07f110739706b13599  vim-common-6.3.046-0.40E.7.x86_64.rpm
c8057314de1c5e21bf34cf064b512964  vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
271b29bbb88eb5b453d9a70c3207338a  vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm
998b74b81555dd0de71aff94af5974bc  vim-6.3.046-0.40E.7.src.rpm

i386:
4b5da36806ad3797360adc3bdcdb228e  vim-X11-6.3.046-0.40E.7.i386.rpm
6318e32a59fbb384b134bb7374c55b86  vim-common-6.3.046-0.40E.7.i386.rpm
1f22c28d6d856ece02748167a9369f6d  vim-enhanced-6.3.046-0.40E.7.i386.rpm
206c32710b4bc504c2be35b4b5ecf127  vim-minimal-6.3.046-0.40E.7.i386.rpm

ia64:
ef7404bd22dbd423098bf698e6ecb26a  vim-X11-6.3.046-0.40E.7.ia64.rpm
ad363dd68e1b7a17124c9fb53366b4c2  vim-common-6.3.046-0.40E.7.ia64.rpm
f51bfd05a709cf238a8cc7ded20486cb  vim-enhanced-6.3.046-0.40E.7.ia64.rpm
16d524482f33edb3330e1e7be7e2b5ac  vim-minimal-6.3.046-0.40E.7.ia64.rpm

x86_64:
ebd79be3473d17260d4facd9509a73e6  vim-X11-6.3.046-0.40E.7.x86_64.rpm
7d2ae388363aaa07f110739706b13599  vim-common-6.3.046-0.40E.7.x86_64.rpm
c8057314de1c5e21bf34cf064b512964  vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
271b29bbb88eb5b453d9a70c3207338a  vim-minimal-6.3.046-0.40E.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
