Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
89
security advisorysecurity issuesoftware updateFedora 42 neovim update FEDORA-2025-5b272a55b8 critical: software update
Update to tree-sitter 0.25.2 and emacs 30.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-5b272a55b8 2025-03-10 16:13:35.332619+00:00 -------------------------------------------------------------------------------- Name : neovim Product : Fedora 42 Version : 0.10.4 Release : 3.fc42 URL : https://neovim.io Summary : Vim-fork focused on extensibility and agility Description : Neovim is a refactor - and sometimes redactor - in the tradition of Vim, which itself derives from Stevie. It is not a rewrite, but a continuation and extension of Vim. Many rewrites, clones, emulators and imitators exist; some are very clever, but none are Vim. Neovim strives to be a superset of Vim, notwithstanding some intentionally removed misfeatures; excepting those few and carefully-considered excisions, Neovim is Vim. It is built for users who want the good parts of Vim, without compromise, and more. -------------------------------------------------------------------------------- Update Information: Update to tree-sitter 0.25.2 and emacs 30.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 25 2025 Peter Oliver - 0.10.4-3 - Rebuild against tree-sitter-0.25.2-5.fc42 * Mon Feb 3 2025 Peter Oliver - 0.10.4-2 - Rebuild against tree-sitter-0.25.1-5.fc42 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2343305 - tree-sitter-0.25.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2343305 [ 2 ] Bug #2347206 - emacs-30.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347206 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5b272a55b8' at the command line. For more information, refer to the dnfdocumentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 10, 2025
•Critical
Fedora
203
security advisoryremote attackcommand injectionMageia 7: 2020-0082 Critical: Vim and Neovim Command Injection
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to . MGASA-2020-0082 - Updated vim and neovim packages fix security vulnerability Publication date: 13 Feb 2020 URL: https://advisories.mageia.org/MGASA-2020-0082.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-12735 Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands when a specially crafted file is opened (CVE-2019-12735). References: - https://bugs.mageia.org/show_bug.cgi?id=24929 - https://lists.fedoraproject.org/archives/list/
Feb 13, 2020
•Critical
Mageia
202
security advisorycritical threatimportant updateopenSUSE Backports SLE-15-SP1: 2019:1997-1 Important: neovim Fix
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for neovim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1997-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention "pynvim" module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight: show underline for low-priorityCursorLine (#9028) - signs: Add "nuhml" argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via "title stacking" (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npm and yarn (#9054) - undo:Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well. This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-1997=1 Package List: - openSUSE Backports SLE-15-SP1 (x86_64): neovim-0.3.7-bp151.3.3.1 - openSUSE Backports SLE-15-SP1 (noarch): neovim-lang-0.3.7-bp151.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 -- . The newest neovim update fixes a vital bug found in openSUSE systems. For details on the patch and implementation steps, check the resources provided.. neovim update, opensuse security, neovim patch, software fixes. . Severity: Important. LinuxSecurity.com Team
Aug 24, 2019
•Important
OpenSUSE
87
security advisorymoderatedebianDebian: DSA-4487-1 moderate: Neovim Shell Command Execution Issue
User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features: . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4487-1
Jul 23, 2019
Debian
202
security advisoryupdatepatchopenSUSE: 2019:1796-1 Important: neovim Update Fixes Security Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for neovim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1796-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention "pynvim" module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight: show underline for low-priorityCursorLine (#9028) - signs: Add "nuhml" argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via "title stacking" (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npm and yarn (#9054) - undo:Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well. This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1796=1 Package List: - openSUSE Backports SLE-15 (noarch): neovim-lang-0.3.7-bp150.2.9.1 - openSUSE Backports SLE-15 (x86_64): neovim-0.3.7-bp150.2.9.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 -- . A significant update for neovim on openSUSE has been released, addressing a major bug. Please refer to the guidelines for patch installation.. neovim Security Update, openSUSE Patch, neovim Vulnerability Fix, important neovim Update. . Severity: Important. LinuxSecurity.com Team
Jul 23, 2019
•Important
OpenSUSE
202
security advisorybug fiximportantopenSUSE: 2019:1759-1 Important: neovim Source Check Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for neovim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1759-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention "pynvim" module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight:show underline for low-priority CursorLine (#9028) - signs: Add "nuhml" argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via "title stacking" (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npmand yarn (#9054) - undo: Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1759=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1759=1 Package List: - openSUSE Leap 15.1 (x86_64): neovim-0.3.7-lp151.2.7.1 neovim-debuginfo-0.3.7-lp151.2.7.1 neovim-debugsource-0.3.7-lp151.2.7.1 - openSUSE Leap 15.1 (noarch): neovim-lang-0.3.7-lp151.2.7.1 - openSUSE Leap 15.0 (x86_64): neovim-0.3.7-lp150.13.1 neovim-debuginfo-0.3.7-lp150.13.1 neovim-debugsource-0.3.7-lp150.13.1 - openSUSE Leap 15.0 (noarch): neovim-lang-0.3.7-lp150.13.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 -- . A critical update for openSUSE addresses a neovim security vulnerability, ensuring robust system security. Uncover the specifics and remediation steps.. openSUSE Security Update, neovim Patch, Update for neovim, neovim Bug Fix, Security Advisory. . Severity: Important. LinuxSecurity.com Team
Jul 21, 2019
•Important
OpenSUSE
202
security advisorysecurity updatearbitrary code executionopenSUSE: 2019:1551-1 Important: Arbitrary Code Execution Fix in Neovim
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for neovim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1551-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-1551=1 - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1551=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1551=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1551=1 Package List: - openSUSE Leap 42.3 (x86_64): neovim-0.2.0-6.1 neovim-debuginfo-0.2.0-6.1 neovim-debugsource-0.2.0-6.1 - openSUSE Leap 42.3 (noarch): neovim-lang-0.2.0-6.1 - openSUSE Leap 15.1 (noarch): neovim-lang-0.3.5-lp151.2.3.1 - openSUSE Leap 15.1 (x86_64): neovim-0.3.5-lp151.2.3.1 neovim-debuginfo-0.3.5-lp151.2.3.1 neovim-debugsource-0.3.5-lp151.2.3.1 - openSUSE Leap 15.0 (x86_64): neovim-0.3.1-lp150.7.1 neovim-debuginfo-0.3.1-lp150.7.1 neovim-debugsource-0.3.1-lp150.7.1 - openSUSE Leap 15.0 (noarch): neovim-lang-0.3.1-lp150.7.1 -openSUSE Backports SLE-15 (x86_64): neovim-0.3.1-bp150.2.6.1 - openSUSE Backports SLE-15 (noarch): neovim-lang-0.3.1-bp150.2.6.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 -- . New enhancement for neovim resolves critical vulnerability. Ensure you implement the most recent update for your openSUSE setup.. openSUSE Neovim Security Update, Arbitary Code Execution Mitigation, Linux Package Patch. . Severity: Important. LinuxSecurity.com Team
Jun 13, 2019
•Important
OpenSUSE
172
security advisorycode executionupdate instructionsUbuntu 4016-2: Neovim Vulnerability CVE-2019-12735 Critical Risk
Neovim could be made to run programs as your login if it opened a specially crafted file.. =========================================================================Ubuntu Security Notice USN-4016-2 June 11, 2019 Neovim vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 Summary: Neovim could be made to run programs as your login if it opened a specially crafted file. Software Description: - neovim: heavily refactored vim fork Details: It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: neovim 0.3.4-1ubuntu0.19.04.1 neovim-runtime 0.3.4-1ubuntu0.19.04.1 Ubuntu 18.10: neovim 0.3.1-1ubuntu0.1 neovim-runtime 0.3.1-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4016-2 https://ubuntu.com/security/notices/USN-4016-1 CVE-2019-12735 Package Information: https://launchpad.net/ubuntu/+source/neovim/0.3.4-1ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/neovim/0.3.1-1ubuntu0.1 . Enhance your Neovim setup on Ubuntu to patch a serious vulnerability permitting code execution. Find the specifics here.. Neovim Update, Ubuntu Security Notice, Code Execution Flaw. . Severity: Critical. LinuxSecurity.com Team
Jun 11, 2019
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!