openSUSE Security Update: Security update for neovim
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:1759-1
Rating:             important
References:         #1137443 
Cross-References:   CVE-2019-12735
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for neovim fixes the following issues:

   neovim was updated to version 0.3.7:

   * CVE-2019-12735: source should check sandbox (boo#1137443)
   * genappimage.sh: migrate to linuxdeploy

   Version Update to version 0.3.5:

   * options: properly reset directories on 'autochdir'
   * Remove MSVC optimization workaround for SHM_ALL
   * Make SHM_ALL to a variable instead of a compound literal #define
   * doc: mention "pynvim" module rename
   * screen: don't crash when drawing popupmenu with 'rightleft' option
   * look-behind match may use the wrong line number
   * :terminal : set topline based on window height
   * :recover : Fix crash on non-existent *.swp

   Version Update to version 0.3.4:

   * test: add tests for conceal cursor movement
   * display: unify ursorline and concealcursor redraw logic

   Version Update to version 0.3.3:

   * health/provider: Check for available pynvim when neovim mod is missing
   * python#CheckForModule: Use the given module string instead of
     hard-coding pynvim
   * (health.provider)/python: Import the neovim, rather than pynvim, module
   * TUI: Konsole DECSCUSR fixup

   Version Update to version 0.3.2:-

   * Features

     - clipboard: support Custom VimL functions (#9304)
     - win/TUI: improve terminal/console support (#9401)
     - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
     - support mapping in more places (#9299)
     - diff/highlight: show underline for low-priority CursorLine (#9028)
     - signs: Add "nuhml" argument (#9113)
     - clipboard: support Wayland (#9230)
     - TUI: add support for undercurl and underline color (#9052)
     - man.vim: soft (dynamic) wrap (#9023)

   * API

     - API: implement object namespaces (#6920)
     - API: implement nvim_win_set_buf() (#9100)
     - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
     - API: add nvim_buf_is_loaded() (#8660)
     - API: nvm_buf_get_offset_for_line (#8221)
     - API/UI: ext_newgrid, ext_histate (#8221)

   * UI

     - TUI: use BCE again more often (smoother resize) (#8806)
     - screen: add missing status redraw when redraw_later(CLEAR) was used
       (#9315)
     - TUI: clip invalid regions on resize (#8779)
     - TUI: improvements for scrolling and clearing (#9193)
     - TUI: disable clearing almost everywhere (#9143)
     - TUI: always use safe cursor movement after resize (#9079)
     - ui_options: also send when starting or from OptionSet (#9211)
     - TUI: Avoid reset_color_cursor_color in old VTE (#9191)
     - Don't erase screen on :hi Normal during startup (#9021)
     - TUI: Hint wrapped lines to terminals (#8915)

   * FIXES

     - RPC: turn errors from async calls into notifications
     - TUI: Restore terminal title via "title stacking" (#9407)
     - genappimage: Unset $ARGV0 at invocation (#9376)
     - TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
     - provider: improve error message (#9344)
     - runtime/syntax: Fix highlighting of autogroup contents (#9328)
     - VimL/confirm(): Show dialog even if :silent (#9297)
     - clipboard: prefer xclip (#9302)
     - provider/nodejs: fix npm, yarn detection
     - channel: avoid buffering output when only terminal is active (#9218)
     - ruby: detect rbenv shims for other versions (#8733)
     - third party/unibilium: Fix parsing of extended capabilitiy entries
       (#9123)
     - jobstart(): Fix hang on non-executable cwd (#9204)
     - provide/nodejs: Simultaneously query npm and yarn (#9054)
     - undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
     - 'swapfile: always show dialog' (#9034)

   - Add to the system-wide configuration file extension of runtimepath by
     /usr/share/vim/site, so that neovim uses other Vim plugins installed
     from packages.

   - Add /usr/share/vim/site tree of directories to be owned by neovim as
     well.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2019-1759=1

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2019-1759=1



Package List:

   - openSUSE Leap 15.1 (x86_64):

      neovim-0.3.7-lp151.2.7.1
      neovim-debuginfo-0.3.7-lp151.2.7.1
      neovim-debugsource-0.3.7-lp151.2.7.1

   - openSUSE Leap 15.1 (noarch):

      neovim-lang-0.3.7-lp151.2.7.1

   - openSUSE Leap 15.0 (x86_64):

      neovim-0.3.7-lp150.13.1
      neovim-debuginfo-0.3.7-lp150.13.1
      neovim-debugsource-0.3.7-lp150.13.1

   - openSUSE Leap 15.0 (noarch):

      neovim-lang-0.3.7-lp150.13.1


References:

   https://www.suse.com/security/cve/CVE-2019-12735.html
   https://bugzilla.suse.com/1137443

--

openSUSE: 2019:1759-1: important: neovim

July 21, 2019
An update that fixes one vulnerability is now available.

Description

This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention "pynvim" module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight: show underline for low-priority CursorLine (#9028) - signs: Add "nuhml" argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via "title stacking" (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npm and yarn (#9054) - undo: Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1759=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1759=1


Package List

- openSUSE Leap 15.1 (x86_64): neovim-0.3.7-lp151.2.7.1 neovim-debuginfo-0.3.7-lp151.2.7.1 neovim-debugsource-0.3.7-lp151.2.7.1 - openSUSE Leap 15.1 (noarch): neovim-lang-0.3.7-lp151.2.7.1 - openSUSE Leap 15.0 (x86_64): neovim-0.3.7-lp150.13.1 neovim-debuginfo-0.3.7-lp150.13.1 neovim-debugsource-0.3.7-lp150.13.1 - openSUSE Leap 15.0 (noarch): neovim-lang-0.3.7-lp150.13.1


References

https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443--


Severity
Announcement ID: openSUSE-SU-2019:1759-1
Rating: important
Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved