` 

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated vim packages available
Advisory ID:       RHSA-2001:008-02
Issue date:        2001-01-29
Updated on:        2001-03-21
Product:           Red Hat Linux
Keywords:          vim vim-enhanced stl status line
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Updated vim packages fixing a security problem are available.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, sparc

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

3. Problem description:

Users could embed malicious VIM control codes into a file - as soon as any
user opened that file in vim-enhanced or vim-X11 with the status line
option enabled in .vimrc, the commands would be executed as that user.

4. Solution:

To update all RPMs for your particular architecture, run:

rpm -Fvh 

where  is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directly *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  ( for more info):

25194 - priviledge elevation via simple text file

6. RPMs required:

Red Hat Linux 5.2:

alpha: 
 
 
 

i386: 
 
 
 

sparc: 
 
 
 

Red Hat Linux 6.2:

alpha: 
 
 
 

i386: 
 
 
 

sparc: 
 
 
 

Red Hat Linux 7.0:

alpha: 
 
 
 

i386: 
 
 
 


7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
d1926b72cfa364bd819ccdf0c526b594  5.2/alpha/vim-X11-5.7-0.5x.alpha.rpm
deb63e5222f140ea44f1b887a854fd5c  5.2/alpha/vim-common-5.7-0.5x.alpha.rpm
4a1e498283bd78f33452bb048e455416  5.2/alpha/vim-enhanced-5.7-0.5x.alpha.rpm
2f1fc0bc5a6517fd27c9337638f46b50  5.2/alpha/vim-minimal-5.7-0.5x.alpha.rpm
c7d9266c3cf32800f6a68f002720fed7  5.2/i386/vim-X11-5.7-0.5x.i386.rpm
857ffe1f14ffb31e0a6fabbba10bd43d  5.2/i386/vim-common-5.7-0.5x.i386.rpm
42c843dc02c084867e13415be4102365  5.2/i386/vim-enhanced-5.7-0.5x.i386.rpm
cb592d958619b6b51175313ee373ada7  5.2/i386/vim-minimal-5.7-0.5x.i386.rpm
1a1fefe9fd4254fd87d10df8add3866b  5.2/sparc/vim-X11-5.7-0.5x.sparc.rpm
e327661d176447b1f906bdc0b3d089c2  5.2/sparc/vim-common-5.7-0.5x.sparc.rpm
4d97a7d2edb97640cef445a2f80220f8  5.2/sparc/vim-enhanced-5.7-0.5x.sparc.rpm
19b227e6265e96a9acb21873be0cd9c5  5.2/sparc/vim-minimal-5.7-0.5x.sparc.rpm
dc3e0db67e3a77ceeabfa79fed089138  6.2/alpha/vim-X11-5.7-0.6x.alpha.rpm
d9a0e428d782a1705541123f4379e2fa  6.2/alpha/vim-common-5.7-0.6x.alpha.rpm
6a903d66efc3e5f6d2110f3c50f950ea  6.2/alpha/vim-enhanced-5.7-0.6x.alpha.rpm
6d58a200ab18dc9ee936bffaaade05ed  6.2/alpha/vim-minimal-5.7-0.6x.alpha.rpm
fe982256043739fea65dd562a94a7146  6.2/i386/vim-X11-5.7-0.6x.i386.rpm
017254a33a62c6947cbf42741b73d3e5  6.2/i386/vim-common-5.7-0.6x.i386.rpm

</FONTad60afcede9a50f9fc1c7bf60dd379ae  6.2/i386/vim-enhanced-5.7-0.6x.i386.rpm
cad1178593d5980e6a6837ab76d62fb0  6.2/i386/vim-minimal-5.7-0.6x.i386.rpm
c6f2205751223b4f0fdb1f952c91dce8  6.2/sparc/vim-X11-5.7-0.6x.sparc.rpm
dfc4b48dbcfcf53e375f143b2af9101c  6.2/sparc/vim-common-5.7-0.6x.sparc.rpm
422a4a25d98ad084dd5f5dcde1d33a45  6.2/sparc/vim-enhanced-5.7-0.6x.sparc.rpm
886ac1834580e0f476eb7a855595ffa1  6.2/sparc/vim-minimal-5.7-0.6x.sparc.rpm
b9b25c3df07cfdcdd0bed10205df677d  7.0/alpha/vim-X11-5.7-8.alpha.rpm
531dafb9008867826acde02ffa3d26d6  7.0/alpha/vim-common-5.7-8.alpha.rpm
472d6f27cf91af27202ba19f9dd2f224  7.0/alpha/vim-enhanced-5.7-8.alpha.rpm
b8902ff684b4a4d5d5d8733fe27c8948  7.0/alpha/vim-minimal-5.7-8.alpha.rpm
f02d501f40cbeecbca83ac9c0694c04d  7.0/i386/vim-X11-5.7-8.i386.rpm
020d723870e6c50eebf5b1d049d6d6a7  7.0/i386/vim-common-5.7-8.i386.rpm
f70961803618a0f367bc5ddc60eb43f1  7.0/i386/vim-enhanced-5.7-8.i386.rpm
aa5d7cbffeae41f29644d06dd8137f57  7.0/i386/vim-minimal-5.7-8.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.
>
`

RedHat: 'vim' vulnerability

Updated vim packages fixing a security problem are available.

Summary



Summary

Users could embed malicious VIM control codes into a file - as soon as anyuser opened that file in vim-enhanced or vim-X11 with the status lineoption enabled in .vimrc, the commands would be executed as that user.


Solution

To update all RPMs for your particular architecture, run:
rpm -Fvh
where is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directly *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed ( for more info):
25194 - priviledge elevation via simple text file
6. RPMs required:
Red Hat Linux 5.2:
alpha:



i386:



sparc:



Red Hat Linux 6.2:
alpha:



i386:



sparc:



Red Hat Linux 7.0:
alpha:



i386:




7. Verification:
MD5 sum Package Name d1926b72cfa364bd819ccdf0c526b594 5.2/alpha/vim-X11-5.7-0.5x.alpha.rpm deb63e5222f140ea44f1b887a854fd5c 5.2/alpha/vim-common-5.7-0.5x.alpha.rpm 4a1e498283bd78f33452bb048e455416 5.2/alpha/vim-enhanced-5.7-0.5x.alpha.rpm 2f1fc0bc5a6517fd27c9337638f46b50 5.2/alpha/vim-minimal-5.7-0.5x.alpha.rpm c7d9266c3cf32800f6a68f002720fed7 5.2/i386/vim-X11-5.7-0.5x.i386.rpm 857ffe1f14ffb31e0a6fabbba10bd43d 5.2/i386/vim-common-5.7-0.5x.i386.rpm 42c843dc02c084867e13415be4102365 5.2/i386/vim-enhanced-5.7-0.5x.i386.rpm cb592d958619b6b51175313ee373ada7 5.2/i386/vim-minimal-5.7-0.5x.i386.rpm 1a1fefe9fd4254fd87d10df8add3866b 5.2/sparc/vim-X11-5.7-0.5x.sparc.rpm e327661d176447b1f906bdc0b3d089c2 5.2/sparc/vim-common-5.7-0.5x.sparc.rpm 4d97a7d2edb97640cef445a2f80220f8 5.2/sparc/vim-enhanced-5.7-0.5x.sparc.rpm 19b227e6265e96a9acb21873be0cd9c5 5.2/sparc/vim-minimal-5.7-0.5x.sparc.rpm dc3e0db67e3a77ceeabfa79fed089138 6.2/alpha/vim-X11-5.7-0.6x.alpha.rpm d9a0e428d782a1705541123f4379e2fa 6.2/alpha/vim-common-5.7-0.6x.alpha.rpm 6a903d66efc3e5f6d2110f3c50f950ea 6.2/alpha/vim-enhanced-5.7-0.6x.alpha.rpm 6d58a200ab18dc9ee936bffaaade05ed 6.2/alpha/vim-minimal-5.7-0.6x.alpha.rpm fe982256043739fea65dd562a94a7146 6.2/i386/vim-X11-5.7-0.6x.i386.rpm 017254a33a62c6947cbf42741b73d3e5 6.2/i386/vim-common-5.7-0.6x.i386.rpm
</FONTad60afcede9a50f9fc1c7bf60dd379ae 6.2/i386/vim-enhanced-5.7-0.6x.i386.rpm cad1178593d5980e6a6837ab76d62fb0 6.2/i386/vim-minimal-5.7-0.6x.i386.rpm c6f2205751223b4f0fdb1f952c91dce8 6.2/sparc/vim-X11-5.7-0.6x.sparc.rpm dfc4b48dbcfcf53e375f143b2af9101c 6.2/sparc/vim-common-5.7-0.6x.sparc.rpm 422a4a25d98ad084dd5f5dcde1d33a45 6.2/sparc/vim-enhanced-5.7-0.6x.sparc.rpm 886ac1834580e0f476eb7a855595ffa1 6.2/sparc/vim-minimal-5.7-0.6x.sparc.rpm b9b25c3df07cfdcdd0bed10205df677d 7.0/alpha/vim-X11-5.7-8.alpha.rpm 531dafb9008867826acde02ffa3d26d6 7.0/alpha/vim-common-5.7-8.alpha.rpm 472d6f27cf91af27202ba19f9dd2f224 7.0/alpha/vim-enhanced-5.7-8.alpha.rpm b8902ff684b4a4d5d5d8733fe27c8948 7.0/alpha/vim-minimal-5.7-8.alpha.rpm f02d501f40cbeecbca83ac9c0694c04d 7.0/i386/vim-X11-5.7-8.i386.rpm 020d723870e6c50eebf5b1d049d6d6a7 7.0/i386/vim-common-5.7-8.i386.rpm f70961803618a0f367bc5ddc60eb43f1 7.0/i386/vim-enhanced-5.7-8.i386.rpm aa5d7cbffeae41f29644d06dd8137f57 7.0/i386/vim-minimal-5.7-8.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

Copyright(c) 2000, 2001 Red Hat, Inc. > `

Package List


Severity
Advisory ID: RHSA-2001:008-02
Issued Date: : 2001-01-29
Updated on: 2001-03-21
Product: Red Hat Linux
Keywords: vim vim-enhanced stl status line
Cross references:
Obsoletes:

Topic


Topic

Updated vim packages fixing a security problem are available.


 

Relevant Releases Architectures

Red Hat Linux 5.2 - alpha, i386, sparc

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386


Bugs Fixed


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved