Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Debian: DLA-1871-1 Critical: vim Denial Of Service Risks

debian lts
Calendar Grey August 3, 2019
Dist Debian Esm H88
Follow these steps to enhance Vim's security by fixing identified CVEs on Debian: update package list, upgrade Vim, and verify the version and config
Several minor issues have been fixed in vim, a highly configurable text editor
Topics%20covered

Topics Covered

security advisory denial of service critical Debian vim

Summary

CVE-2017-11109

Vim allows attackers to cause a denial of service (invalid free)
or possibly have unspecified other impact via a crafted source
(aka -S) file.

CVE-2017-17087

Vim sets the group ownership of a .swp file to the editor's
primary group (which may be different from the group ownership of
the original file), which allows local users to obtain sensitive
information by leveraging an applicable group membership.

CVE-2019-12735

Vim did not restrict the `:source!` command when executed in a
sandbox.

For Debian 8 "Jessie", these problems have been fixed in version
2:7.4.488-7+deb8u4.

We recommend that you upgrade your vim packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: vim
Version: 2:7.4.488-7+deb8u4
CVE ID: CVE-2017-11109 CVE-2017-17087 CVE-2019-12735
Debian Bug: 867720 930020

Topics%20covered

Topics Covered

security advisory denial of service critical Debian vim

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here