Red Hat alert: Updated vim packages available

Posted by dave on Mar 21, 2001 2:53 PM EDT
Mailing list
Mail this story
Print this story

Updated vim packages fixing a security problem are available.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated vim packages available
Advisory ID:       RHSA-2001:008-02
Issue date:        2001-01-29
Updated on:        2001-03-21
Product:           Red Hat Linux
Keywords:          vim vim-enhanced stl status line
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Updated vim packages fixing a security problem are available.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, sparc

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

3. Problem description:

Users could embed malicious VIM control codes into a file - as soon as any
user opened that file in vim-enhanced or vim-X11 with the status line
option enabled in .vimrc, the commands would be executed as that user.

4. Solution:

To update all RPMs for your particular architecture, run:

rpm -Fvh 

where  is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directly *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

25194 - priviledge elevation via simple text file

6. RPMs required:

Red Hat Linux 5.2:

alpha:
ftp://updates.redhat.com/5.2/alpha/vim-common-5.7-0.5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/vim-minimal-5.7-0.5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/vim-enhanced-5.7-0.5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/vim-X11-5.7-0.5x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/i386/vim-common-5.7-0.5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/vim-minimal-5.7-0.5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/vim-enhanced-5.7-0.5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/vim-X11-5.7-0.5x.i386.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/vim-common-5.7-0.5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/vim-minimal-5.7-0.5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/vim-enhanced-5.7-0.5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/vim-X11-5.7-0.5x.sparc.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/vim-common-5.7-0.6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/vim-minimal-5.7-0.6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/vim-enhanced-5.7-0.6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/vim-X11-5.7-0.6x.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/vim-common-5.7-0.6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/vim-minimal-5.7-0.6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/vim-enhanced-5.7-0.6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/vim-X11-5.7-0.6x.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/vim-common-5.7-0.6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/vim-minimal-5.7-0.6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/vim-enhanced-5.7-0.6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/vim-X11-5.7-0.6x.sparc.rpm

Red Hat Linux 7.0:

alpha:
ftp://updates.redhat.com/7.0/alpha/vim-common-5.7-8.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/vim-minimal-5.7-8.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/vim-enhanced-5.7-8.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/vim-X11-5.7-8.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/i386/vim-common-5.7-8.i386.rpm
ftp://updates.redhat.com/7.0/i386/vim-minimal-5.7-8.i386.rpm
ftp://updates.redhat.com/7.0/i386/vim-enhanced-5.7-8.i386.rpm
ftp://updates.redhat.com/7.0/i386/vim-X11-5.7-8.i386.rpm


7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
d1926b72cfa364bd819ccdf0c526b594  5.2/alpha/vim-X11-5.7-0.5x.alpha.rpm
deb63e5222f140ea44f1b887a854fd5c  5.2/alpha/vim-common-5.7-0.5x.alpha.rpm
4a1e498283bd78f33452bb048e455416  5.2/alpha/vim-enhanced-5.7-0.5x.alpha.rpm
2f1fc0bc5a6517fd27c9337638f46b50  5.2/alpha/vim-minimal-5.7-0.5x.alpha.rpm
c7d9266c3cf32800f6a68f002720fed7  5.2/i386/vim-X11-5.7-0.5x.i386.rpm
857ffe1f14ffb31e0a6fabbba10bd43d  5.2/i386/vim-common-5.7-0.5x.i386.rpm
42c843dc02c084867e13415be4102365  5.2/i386/vim-enhanced-5.7-0.5x.i386.rpm
cb592d958619b6b51175313ee373ada7  5.2/i386/vim-minimal-5.7-0.5x.i386.rpm
1a1fefe9fd4254fd87d10df8add3866b  5.2/sparc/vim-X11-5.7-0.5x.sparc.rpm
e327661d176447b1f906bdc0b3d089c2  5.2/sparc/vim-common-5.7-0.5x.sparc.rpm
4d97a7d2edb97640cef445a2f80220f8  5.2/sparc/vim-enhanced-5.7-0.5x.sparc.rpm
19b227e6265e96a9acb21873be0cd9c5  5.2/sparc/vim-minimal-5.7-0.5x.sparc.rpm
dc3e0db67e3a77ceeabfa79fed089138  6.2/alpha/vim-X11-5.7-0.6x.alpha.rpm
d9a0e428d782a1705541123f4379e2fa  6.2/alpha/vim-common-5.7-0.6x.alpha.rpm
6a903d66efc3e5f6d2110f3c50f950ea  6.2/alpha/vim-enhanced-5.7-0.6x.alpha.rpm
6d58a200ab18dc9ee936bffaaade05ed  6.2/alpha/vim-minimal-5.7-0.6x.alpha.rpm
fe982256043739fea65dd562a94a7146  6.2/i386/vim-X11-5.7-0.6x.i386.rpm
017254a33a62c6947cbf42741b73d3e5  6.2/i386/vim-common-5.7-0.6x.i386.rpm
ad60afcede9a50f9fc1c7bf60dd379ae  6.2/i386/vim-enhanced-5.7-0.6x.i386.rpm
cad1178593d5980e6a6837ab76d62fb0  6.2/i386/vim-minimal-5.7-0.6x.i386.rpm
c6f2205751223b4f0fdb1f952c91dce8  6.2/sparc/vim-X11-5.7-0.6x.sparc.rpm
dfc4b48dbcfcf53e375f143b2af9101c  6.2/sparc/vim-common-5.7-0.6x.sparc.rpm
422a4a25d98ad084dd5f5dcde1d33a45  6.2/sparc/vim-enhanced-5.7-0.6x.sparc.rpm
886ac1834580e0f476eb7a855595ffa1  6.2/sparc/vim-minimal-5.7-0.6x.sparc.rpm
b9b25c3df07cfdcdd0bed10205df677d  7.0/alpha/vim-X11-5.7-8.alpha.rpm
531dafb9008867826acde02ffa3d26d6  7.0/alpha/vim-common-5.7-8.alpha.rpm
472d6f27cf91af27202ba19f9dd2f224  7.0/alpha/vim-enhanced-5.7-8.alpha.rpm
b8902ff684b4a4d5d5d8733fe27c8948  7.0/alpha/vim-minimal-5.7-8.alpha.rpm
f02d501f40cbeecbca83ac9c0694c04d  7.0/i386/vim-X11-5.7-8.i386.rpm
020d723870e6c50eebf5b1d049d6d6a7  7.0/i386/vim-common-5.7-8.i386.rpm
f70961803618a0f367bc5ddc60eb43f1  7.0/i386/vim-enhanced-5.7-8.i386.rpm
aa5d7cbffeae41f29644d06dd8137f57  7.0/i386/vim-minimal-5.7-8.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.

  Nav
» Read more about: Story Type: Security; Groups: Red Hat

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.