Skip to navigation

Security Advisory vim security update

Advisory: RHSA-2005:010-05
Type: Security Advisory
Severity: Low
Issued on: 2005-01-05
Last updated on: 2005-01-05
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-1138

Details

Updated vim packages that fix a modeline vulnerability are now available.

VIM (Vi IMproved) is an updated and improved version of the vi screen-based
editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible
that a malicious user could create a file containing a specially crafted
modeline which could cause arbitrary command execution when viewed by a
victim. Please note that this issue only affects users who have modelines
and filetype plugins enabled, which is not the default. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2004-1138
to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain a backported patch for this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
vim-X11-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: bc4c3a9f814b0774d1b149a692593b2e
vim-common-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 24261f2028b06d5da8ca35a87ccc8610
vim-enhanced-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: a73de031e006487d7ff786d303e9415c
vim-minimal-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4aee80bee3f5e929901423d81fdec9c9
 
x86_64:
vim-X11-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: f524aa992ca4375baac7d336e0872beb
vim-common-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4cd585c858e2ef474333ac15313a2015
vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 3a4f3d6f6b1c782725fdd586d806bc92
vim-minimal-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4f6583be9cc3744ac10a24afc3a50b67
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
vim-X11-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d4ff95dc139d9b246a3b4bb22e56f0a2
vim-common-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d0a4daf9963f0b30d23f8b55b660e7bd
vim-enhanced-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 5e0f345e8c4149a6e526be1ebcbcaf08
vim-minimal-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 49ba3bac9787288f6ed3a6cb76ea3257
 
IA-64:
vim-X11-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: f8cf3e2990cf9f01f2e8b92413562f2f
vim-common-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: c0fcd7546afb8ffe8e059993b357291c
vim-enhanced-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: aaccc710338fc217fcb61f17a859cc75
vim-minimal-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: 86625051f0b0530dc495662a8462f0b8
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
vim-X11-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: bc4c3a9f814b0774d1b149a692593b2e
vim-common-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 24261f2028b06d5da8ca35a87ccc8610
vim-enhanced-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: a73de031e006487d7ff786d303e9415c
vim-minimal-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4aee80bee3f5e929901423d81fdec9c9
 
IA-64:
vim-X11-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: c889113a94e55add8fc9ff4a25b7ebf7
vim-common-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: aa9badc6e92b5d77b970a1155d9df8db
vim-enhanced-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 5efa3cb764808a07066756537283f7bf
vim-minimal-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: cb01ce6b3d6b8229ac834b71604c1a7c
 
PPC:
vim-X11-6.3.046-0.30E.1.ppc.rpm
File outdated by:  RHSA-2008:0617
    MD5: ab2a437d98890191fbf02e125ac4e9d8
vim-common-6.3.046-0.30E.1.ppc.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4b55871f27ef4e3b4615efe69ca34c80
vim-enhanced-6.3.046-0.30E.1.ppc.rpm
File outdated by:  RHSA-2008:0617
    MD5: 620989f956755a9599f15c31e779ab20
vim-minimal-6.3.046-0.30E.1.ppc.rpm
File outdated by:  RHSA-2008:0617
    MD5: 5be5a1eee3b838eede6703a28dde8c5b
 
s390:
vim-X11-6.3.046-0.30E.1.s390.rpm
File outdated by:  RHSA-2008:0617
    MD5: 6c35fa52e2fd0026824e2353b7f5d3f8
vim-common-6.3.046-0.30E.1.s390.rpm
File outdated by:  RHSA-2008:0617
    MD5: b231e358ccbf79bce43ba6fe2c31a696
vim-enhanced-6.3.046-0.30E.1.s390.rpm
File outdated by:  RHSA-2008:0617
    MD5: cb01c4182855dc24dcbe503deed6333b
vim-minimal-6.3.046-0.30E.1.s390.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4fd73da1b8d06876e090c624e95bc811
 
s390x:
vim-X11-6.3.046-0.30E.1.s390x.rpm
File outdated by:  RHSA-2008:0617
    MD5: c87e1eaaa9a04c503ba85c39cc9a6d9b
vim-common-6.3.046-0.30E.1.s390x.rpm
File outdated by:  RHSA-2008:0617
    MD5: 50f4f4f629051dbe46257207ba6e4b39
vim-enhanced-6.3.046-0.30E.1.s390x.rpm
File outdated by:  RHSA-2008:0617
    MD5: 52a43a425e87218212e09e129bb8d37a
vim-minimal-6.3.046-0.30E.1.s390x.rpm
File outdated by:  RHSA-2008:0617
    MD5: 62108052dd87b0bba769f6a000be0f87
 
x86_64:
vim-X11-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: f524aa992ca4375baac7d336e0872beb
vim-common-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4cd585c858e2ef474333ac15313a2015
vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 3a4f3d6f6b1c782725fdd586d806bc92
vim-minimal-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4f6583be9cc3744ac10a24afc3a50b67
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
vim-X11-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d4ff95dc139d9b246a3b4bb22e56f0a2
vim-common-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d0a4daf9963f0b30d23f8b55b660e7bd
vim-enhanced-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 5e0f345e8c4149a6e526be1ebcbcaf08
vim-minimal-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 49ba3bac9787288f6ed3a6cb76ea3257
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
vim-X11-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: bc4c3a9f814b0774d1b149a692593b2e
vim-common-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 24261f2028b06d5da8ca35a87ccc8610
vim-enhanced-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: a73de031e006487d7ff786d303e9415c
vim-minimal-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4aee80bee3f5e929901423d81fdec9c9
 
IA-64:
vim-X11-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: c889113a94e55add8fc9ff4a25b7ebf7
vim-common-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: aa9badc6e92b5d77b970a1155d9df8db
vim-enhanced-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 5efa3cb764808a07066756537283f7bf
vim-minimal-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: cb01ce6b3d6b8229ac834b71604c1a7c
 
x86_64:
vim-X11-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: f524aa992ca4375baac7d336e0872beb
vim-common-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4cd585c858e2ef474333ac15313a2015
vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 3a4f3d6f6b1c782725fdd586d806bc92
vim-minimal-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4f6583be9cc3744ac10a24afc3a50b67
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
vim-X11-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d4ff95dc139d9b246a3b4bb22e56f0a2
vim-common-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: d0a4daf9963f0b30d23f8b55b660e7bd
vim-enhanced-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 5e0f345e8c4149a6e526be1ebcbcaf08
vim-minimal-6.0-7.19.i386.rpm
File outdated by:  RHSA-2008:0618
    MD5: 49ba3bac9787288f6ed3a6cb76ea3257
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
vim-X11-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: bc4c3a9f814b0774d1b149a692593b2e
vim-common-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 24261f2028b06d5da8ca35a87ccc8610
vim-enhanced-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: a73de031e006487d7ff786d303e9415c
vim-minimal-6.3.046-0.30E.1.i386.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4aee80bee3f5e929901423d81fdec9c9
 
IA-64:
vim-X11-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: c889113a94e55add8fc9ff4a25b7ebf7
vim-common-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: aa9badc6e92b5d77b970a1155d9df8db
vim-enhanced-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 5efa3cb764808a07066756537283f7bf
vim-minimal-6.3.046-0.30E.1.ia64.rpm
File outdated by:  RHSA-2008:0617
    MD5: cb01ce6b3d6b8229ac834b71604c1a7c
 
x86_64:
vim-X11-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: f524aa992ca4375baac7d336e0872beb
vim-common-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4cd585c858e2ef474333ac15313a2015
vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 3a4f3d6f6b1c782725fdd586d806bc92
vim-minimal-6.3.046-0.30E.1.x86_64.rpm
File outdated by:  RHSA-2008:0617
    MD5: 4f6583be9cc3744ac10a24afc3a50b67
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
vim-X11-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: f8cf3e2990cf9f01f2e8b92413562f2f
vim-common-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: c0fcd7546afb8ffe8e059993b357291c
vim-enhanced-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: aaccc710338fc217fcb61f17a859cc75
vim-minimal-6.0-7.19.ia64.rpm
File outdated by:  RHSA-2008:0618
    MD5: 86625051f0b0530dc495662a8462f0b8
 

Bugs fixed (see bugzilla for more information)

142444 - CAN-2004-1138 vim arbitrary command execution vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/