---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2343
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2343
2005-02-17
---------------------------------------------------------------------

Name        : vim
Versions    : rh7.3: vim-6.1-18.7x.2.3.legacy
Versions    : rh9: vim-6.1-29.3.legacy
Versions    : fc1: vim-6.2.532-1.3.legacy
Summary     : The VIM editor.
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.

---------------------------------------------------------------------
Update Information:
Updated vim packages that fix multiple vulnerabilities are now available.
VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor.
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1138 to this issue.
Javier Fernández-Sanguino Peña noticed that the auxiliary scripts "tcltags" and "vimspell.sh" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0069 to this issue.
All users of VIM are advised to upgrade to these erratum packages, which contain backported patches for these issues.
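The class of flaw described for CAN-2005-0069, shown as an added example that is not taken from tcltags, vimspell.sh or the Fedora Legacy patches: a predictable temporary file name beside the mktemp form, plus a grep-based audit for the weak pattern. All function names, file names and the sandbox layout are hypothetical, and the demonstration runs entirely inside a private directory it creates and removes.

```shell
#!/bin/sh
# Added example (constructed). Every name below is hypothetical.

# Weak pattern: the name is built from the PID, so it can be guessed in
# advance. "> file" follows a symlink already present at that name and
# truncates whatever the link points to.
write_predictable() {   # $1 = directory, $2 = data
    tmp="$1/scratch.$$"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively (it fails rather than reuse an existing path).
write_safe() {          # $1 = directory, $2 = data
    tmp=$(mktemp "$1/scratch.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Audit helper: print "line:text" for each line of a script that builds
# a /tmp path ending in the shell PID ($$).
audit_tmp_usage() {     # $1 = script to inspect
    grep -nE '/tmp/[^[:space:]]*\$\$' "$1"
}

# Demonstration in a private sandbox: "victim" stands in for a file the
# invoking user can write; a symlink is pre-planted at the guessable name.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/scratch.$$"
    write_predictable "$sandbox" "clobbered" > /dev/null
    after_weak=$(cat "$sandbox/victim")     # overwritten through the link
    printf 'original\n' > "$sandbox/victim"
    write_safe "$sandbox" "data" > /dev/null
    after_safe=$(cat "$sandbox/victim")     # untouched
    rm -rf "$sandbox"
    printf '%s %s\n' "$after_weak" "$after_safe"
}

demo
```

The audit pattern only catches the PID-suffix idiom; fixed names under /tmp need a separate review.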
---------------------------------------------------------------------
Changelogs

* Thu Jan 20 2005 Pekka Savola <pekkas netcore fi> 1:6.1-18.7x.2.2.legacy
- fix CAN-2005-0069, from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas netcore fi> 1:6.1-18.7x.2.1.legacy
- fix CAN-2004-1138 (#2343)

rh9:
* Thu Jan 20 2005 Rob Myers <rob myers gtri gatech edu> 1:6.1-29.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libacl-devel, libtermcap-devel, ncurses-devel for mach

* Thu Jan 20 2005 Pekka Savola <pekkas netcore fi> 1:6.1-29.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas netcore fi> 1:6.1-29.1.legacy
- fix CAN-2004-1138 (#2343)

fc1:
* Thu Jan 20 2005 Rob Myers <rob myers gtri gatech edu> 1:6.2.532-1.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires for mach: autoconf
- fix CAN in previous changelog entry

* Mon Jan 10 2005 Pekka Savola <pekkas netcore fi> 1:6.2.532-1.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas netcore fi> 1:6.2.532-1.1.legacy
- fix CAN-2004-1138 (#2343)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)