Stay Secure with the Latest Linux Advisories

security advisoryFedoracode execution

Fedora 27: 2018: A10C1D234E Critical: VIM-Syntastic Code Execution

new upstream release v3.9.0. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-a10c1d234e 2018-08-08 15:32:12.724729 --------------------------------------------------------------------------------Name : vim-syntastic Product : Fedora 27 Version : 3.9.0 Release : 1.fc27 URL : https://github.com/vim-syntastic/syntastic Summary : A vim plugins to check syntax for programming languages Description : Syntastic is a syntax checking plugin that runs files through external syntax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to compile their code or execute their script to find them. --------------------------------------------------------------------------------Update Information: new upstream release v3.9.0 --------------------------------------------------------------------------------ChangeLog: * Mon Apr 23 2018 Pavel Raiskup - 3.9.0-1 - new upstream release, per release notes: https://github.com/vim-syntastic/syntastic/releases/tag/3.9.0 * Tue Apr 10 2018 Philippe Makowski - 3.8.0-12 - add text subpackage, fix rhbz#1562001 * Fri Feb 9 2018 Fedora Release Engineering - 3.8.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1580432 - CVE-2018-11319 vim-syntastic: Improper handling of searches for configuration files can lead to arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1580432 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-a10c1d234e' at the command line. For more information, refer to the dnfdocumentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/XQG3TJ7OXOQ45IEY62NV5VMGNK5CV7WQ/ . The latest vim-syntastic patch for Fedora 27 resolves significant security flaws in code execution that were identified in this update.. Fedora Security Update,Vim Syntastic Plugin,Syntax Checking Tool,Code Execution Issue,Open Source Fix. . Severity: Critical. LinuxSecurity.com Team

Aug 08, 2018 •Critical Fedora