Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 29: Security Advisory for Vim - Command Execution Concern

fedora
Calendar Grey June 12, 2019
Dist Fedora Esm H88
Fedora 29 has issued a security notice about a VIM text editor vulnerability that allows command execution, raising risks in untrusted environments.
1717503 - Security issue: patch 8.1.1365: source command doesn't check for the sandbox

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

1717503 - Security issue: patch 8.1.1365: source command doesn't check for the

sandbox

* Thu Jun 6 2019 Zdenek Dohnal - 2:8.1.1471-1

- patchlevel 1471

* Tue May 28 2019 Zdenek Dohnal - 2:8.1.1413-1

- patchlevel 1413

* Mon May 20 2019 Zdenek Dohnal - 2:8.1.1359-2

- stop updating f28

* Mon May 20 2019 Zdenek Dohnal - 2:8.1.1359-1

- patchlevel 1359

* Mon May 20 2019 Zdenek Dohnal - 2:8.1.1137-2

- remove upstream patch

* Mon Apr 8 2019 Zdenek Dohnal - 2:8.1.1137-1

- patchlevel 1137

* Mon Apr 8 2019 Zdenek Dohnal - 2:8.1.1099-2

- 1697104 - new spec file template contains deprecated tags

* Tue Apr 2 2019 Zdenek Dohnal - 2:8.1.1099-1

- patchlevel 1099

* Tue Mar 26 2019 Zdenek Dohnal - 2:8.1.1048-2

- add bundled libvterm

* Mon Mar 25 2019 Zdenek Dohnal - 2:8.1.1048-1

- patchlevel 1048

* Fri Mar 8 2019 Zdenek Dohnal - 2:8.1.998-1

- patchlevel 998

* Fri Mar 8 2019 Zdenek Dohnal - 2:8.1.994-2

- F30 is already active in bodhi

* Mon Mar 4 2019 Zdenek Dohnal - 2:8.1.994-1

- patchlevel 994

* Wed Feb 20 2019 Zdenek Dohnal - 2:8.1.956-1

- patchlevel 956

* Wed Feb 20 2019 Zdenek Dohnal - 2:8.1.918-2

- we have Fedora 30 branch now, enable updates for it in vim-update.sh

* Thu Feb 14 2019 Zdenek Dohnal - 2:8.1.918-1

- patchlevel 918

* Thu Feb 14 2019 Zdenek Dohnal - 2:8.1.897-2

- we do not need exact include path for python3 now

* Tue Feb 12 2019 Zdenek Dohnal - 2:8.1.897-1

- patchlevel 897

* Fri Feb 8 2019 Zdenek Dohnal - 2:8.1.880-1

- patchlevel 880

* Mon Feb 4 2019 Zdenek Dohnal - 2:8.1.873-1

- patchlevel 873

* Mon Feb 4 2019 Zdenek Dohnal - 2:8.1.847-4

- remove downstream fix for new ruby, upstream solved it different way

* Sun Feb 3 2019 Fedora Release Engineering - 2:8.1.847-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Jan 31 2019 Karsten Hopp - 2:8.1.847-2

- remove ancient Changelog.rpm

* Wed Jan 30 2019 Zdenek Dohnal - 2:8.1.847-2

- fix patch for new ruby-2.6

* Wed Jan 30 2019 Zdenek Dohnal - 2:8.1.847-1

- patchlevel 847

* Tue Jan 29 2019 Zdenek Dohnal - 2:8.1.837-2

- FTBFS with new ruby-2.6

* Mon Jan 28 2019 Zdenek Dohnal - 2:8.1.837-1

- patchlevel 837

* Fri Jan 25 2019 Zdenek Dohnal - 2:8.1.818-1

- patchlevel 818

* Tue Jan 22 2019 Zdenek Dohnal - 2:8.1.789-1

- patchlevel 789

* Fri Jan 11 2019 Zdenek Dohnal - 2:8.1.714-1

- patchlevel 714

* Tue Jan 8 2019 Zdenek Dohnal - 2:8.1.702-1

- patchlevel 702

* Mon Dec 10 2018 Zdenek Dohnal - 2:8.1.575-1

- patchlevel 575

* Wed Dec 5 2018 Zdenek Dohnal - 2:8.1.549-2

- do not strip binaries before build system strips it

* Tue Nov 27 2018 Zdenek Dohnal - 2:8.1.549-1

- patchlevel 549

* Tue Nov 27 2018 Zdenek Dohnal - 2:8.1.527-2

- update vim-update.sh - F27 EOL

* Fri Nov 16 2018 Zdenek Dohnal - 2:8.1.527-1

- patchlevel 527

* Thu Nov 8 2018 Zdenek Dohnal - 2:8.1.513-2

- #1646183 - do not forget the epoch

* Thu Nov 8 2018 Zdenek Dohnal - 2:8.1.513-1

- patchlevel 513

* Thu Nov 8 2018 Zdenek Dohnal - 2:8.1.511-2

- fix #1646183 properly - we need to conflict with vim-enhanced, not vim-common

* Mon Nov 5 2018 Zdenek Dohnal - 2:8.1.511-1

- patchlevel 511

* Mon Nov 5 2018 Zdenek Dohnal - 2:8.1.497-2

- 1646183 - Man file conflict for vim-minimal and vim-enhanced

* Fri Oct 26 2018 Zdenek Dohnal - 2:8.1.497-1

- patchlevel 497

* Fri Oct 19 2018 Zdenek Dohnal - 2:8.1.483-1

- patchlevel 483

* Fri Oct 19 2018 Zdenek Dohnal - 2:8.1.451-2

- 1640972 - vimrc/virc should reflect correct augroup

* Fri Oct 5 2018 Zdenek Dohnal - 2:8.1.451-1

- patchlevel 451

[ 1 ] Bug #1717942 - vim/neovim: arbitrary code execution vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=1717942

[ 2 ] Bug #1718308 - CVE-2019-12735 vim/neovim: arbitrary command execution in getchar.c

https://bugzilla.redhat.com/show_bug.cgi?id=1718308

su -c 'dnf upgrade --advisory FEDORA-2019-dcd49378b8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora command execution issue vim sandbox

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 8.1.1471
Release: 1.fc29
URL: https://www.vim.org/
Summary: The VIM editor

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora command execution issue vim sandbox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here