[PLDSA 25-1] New vim packages fix arbitrary code execution
Krzysiek Taraszka
dzimi at pld.org.pl
Sun Feb 9 13:31:43 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 25-1                    security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
03 February 2003                        http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to vim-6.1.212-4
Vulnerability : arbitrary code execution
Problem-Type : local
PLD-specific : no
CVE references : CAN-2002-1377

A vulnerability was discovered in vim by Georgi Guninski that allows
arbitrary command execution using the libcall feature found in modelines.
A patch to fix this problem was introduced in vim 6.1 patchlevel 265.

The above problems have been fixed in version 6.1.300-2 for the
current stable distribution (ra).

We recommend that you upgrade your vim packages.

    wget -c url

will fetch the file for you.

    rpm -Uhv file(s)*.rpm

will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:

    poldek --update

will update the internal database.

    poldek --upgrade 'vim*'

will install the corrected packages.

If you are using the "apt" package manager, use the lines given below
to upgrade the packages:

    apt-get update

will update the internal database.

    apt-get upgrade 'vim*'

will install the corrected packages.

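Added example, not part of the original advisory: the package list pairs each URL with an MD5 checksum, so the fetch-and-upgrade steps above can be gated on those values. The function names and the ./rpms directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the PLD advisory): gate the upgrade on the
# advisory's MD5 checksums. Function names here are hypothetical.

# advisory_to_md5list < advisory.txt
# Emit "<md5>  <file name>" for each package URL that is followed by its
# "MD5 checksum:" line, which is the layout used in this advisory.
advisory_to_md5list() {
    awk '
        /^[ \t]*(ftp|http):\/\/.*\.rpm[ \t]*$/ {
            n = split($1, part, "/"); file = part[n]; next
        }
        /^[ \t]*MD5 checksum:/ && file != "" {
            sum = tolower($3)
            if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/) print sum "  " file
            file = ""
        }'
}

# verify_packages <dir> <md5list>
# Succeeds only if every *.rpm in <dir> is listed and matches its checksum,
# and at least one package was checked.
verify_packages() {
    dir=$1 list=$2 checked=0 bad=0
    for path in "$dir"/*.rpm; do
        [ -f "$path" ] || continue
        name=${path##*/}
        want=$(awk -v f="$name" '$2 == f { print $1; exit }' "$list")
        got=$(md5sum < "$path" | cut -d" " -f1)
        checked=$((checked + 1))
        if [ -z "$want" ] || [ "$got" != "$want" ]; then
            echo "REJECT $name (listed: ${want:-none}, actual: $got)" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Parsing demo on the source-archive entry quoted from the advisory.
advisory_to_md5list <<'EOF'
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/vim-6.1.300-2.src.rpm
MD5 checksum: 8bf75c87969d9f243b2c555879c10549
EOF

# Typical use, with ./rpms holding the files fetched by "wget -c":
#   advisory_to_md5list < advisory.txt > vim.md5
#   verify_packages ./rpms vim.md5 && rpm -Uhv ./rpms/*.rpm
```

The checksums are only as trustworthy as the copy of the advisory they are read from, and MD5 detects transfer corruption rather than deliberate substitution.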
PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/vim-6.1.300-2.src.rpm
MD5 checksum: 8bf75c87969d9f243b2c555879c10549
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security