Red Hat Product Errata RHSA-2005:036 - Security Advisory

Issued:: 2005-02-15
Updated:: 2005-02-15

RHSA-2005:036 - Security Advisory

Overview
Updated Packages

Synopsis

vim security update

Type/Severity

Security Advisory: Low

Topic

Updated vim packages that fix security vulnerabilities are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

VIM (Vi IMproved) is an updated and improved version of the vi screen-based
editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. An attacker
could create a text file containing a specially crafted modeline which
could cause arbitrary command execution when viewed by a victim using VIM.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-1138 to this issue. Please note that this issue only affects
users who have modelines and filetype plugins enabled, which is not the
default.

The Debian Security Audit Project discovered an insecure temporary file
usage in VIM. A local user could overwrite or create files as a different
user who happens to run one of the the vulnerable utilities. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain backported patches for these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 144187 - CAN-2004-1138 vim arbitrary command execution vulnerability
BZ - 144880 - CAN-2005-0069 vim unsafe temporary file usage.

CVEs

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289560

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
vim-6.3.046-0.40E.4.src.rpm	SHA-256: cdd6094faa15583d94833ebda1b6286dc9c681179e9d7eb42cfe64d8df39f405
x86_64
vim-X11-6.3.046-0.40E.4.x86_64.rpm	SHA-256: a80d61ce1b6764360379bbc8e836be1903e6baa57462e02b70606dcbb2498c6a
vim-X11-6.3.046-0.40E.4.x86_64.rpm	SHA-256: a80d61ce1b6764360379bbc8e836be1903e6baa57462e02b70606dcbb2498c6a
vim-common-6.3.046-0.40E.4.x86_64.rpm	SHA-256: ab142f812cbe0938e5b12a831429a43186d87904c576445f58d9995dd5863429
vim-common-6.3.046-0.40E.4.x86_64.rpm	SHA-256: ab142f812cbe0938e5b12a831429a43186d87904c576445f58d9995dd5863429
vim-enhanced-6.3.046-0.40E.4.x86_64.rpm	SHA-256: 20b826f57070e992126293c852e272d723f033fc2c1214ef637233a9a8b2b843
vim-enhanced-6.3.046-0.40E.4.x86_64.rpm	SHA-256: 20b826f57070e992126293c852e272d723f033fc2c1214ef637233a9a8b2b843
vim-minimal-6.3.046-0.40E.4.x86_64.rpm	SHA-256: c50a90402819ecb06e0c0b3764769547b95b222b6f33f1537deb999f061ec25b
vim-minimal-6.3.046-0.40E.4.x86_64.rpm	SHA-256: c50a90402819ecb06e0c0b3764769547b95b222b6f33f1537deb999f061ec25b
ia64
vim-X11-6.3.046-0.40E.4.ia64.rpm	SHA-256: c2227a356dc8097ba049293846aedb8618f6bb0ca122ac1e2764ac3376629962
vim-X11-6.3.046-0.40E.4.ia64.rpm	SHA-256: c2227a356dc8097ba049293846aedb8618f6bb0ca122ac1e2764ac3376629962
vim-common-6.3.046-0.40E.4.ia64.rpm	SHA-256: 3b0530309a37275ca3f9baf95079a137d3c157d8eb9305335740ae76ccada27e
vim-common-6.3.046-0.40E.4.ia64.rpm	SHA-256: 3b0530309a37275ca3f9baf95079a137d3c157d8eb9305335740ae76ccada27e
vim-enhanced-6.3.046-0.40E.4.ia64.rpm	SHA-256: 0a4a6864976b36beeb23f01edf0dd639a0b85c06b20e79c16cc0c5cca024dca4
vim-enhanced-6.3.046-0.40E.4.ia64.rpm	SHA-256: 0a4a6864976b36beeb23f01edf0dd639a0b85c06b20e79c16cc0c5cca024dca4
vim-minimal-6.3.046-0.40E.4.ia64.rpm	SHA-256: 477d97b3fc6772a15b51ee6a9d107845d83a0bed46d6bc597dfa8b659dfc7086
vim-minimal-6.3.046-0.40E.4.ia64.rpm	SHA-256: 477d97b3fc6772a15b51ee6a9d107845d83a0bed46d6bc597dfa8b659dfc7086
i386
vim-X11-6.3.046-0.40E.4.i386.rpm	SHA-256: 133e6512614c07d0b97ee49aa82413195a7e10c53958b603378b1b10d3bc65b3
vim-X11-6.3.046-0.40E.4.i386.rpm	SHA-256: 133e6512614c07d0b97ee49aa82413195a7e10c53958b603378b1b10d3bc65b3
vim-common-6.3.046-0.40E.4.i386.rpm	SHA-256: 10e41163d4259732a1435efde5977314ee4196f2b2639db47dfffac6aa7bdb50
vim-common-6.3.046-0.40E.4.i386.rpm	SHA-256: 10e41163d4259732a1435efde5977314ee4196f2b2639db47dfffac6aa7bdb50
vim-enhanced-6.3.046-0.40E.4.i386.rpm	SHA-256: 457d769214e0f18679ee5c0ee269ef8c3466cb19bc5de4c2b0b2022bb36f5751
vim-enhanced-6.3.046-0.40E.4.i386.rpm	SHA-256: 457d769214e0f18679ee5c0ee269ef8c3466cb19bc5de4c2b0b2022bb36f5751
vim-minimal-6.3.046-0.40E.4.i386.rpm	SHA-256: 86d0a213bf0aa3fdf8c799e0a0fd7c6624d92b7b7b1bb904cea22dbc08298537
vim-minimal-6.3.046-0.40E.4.i386.rpm	SHA-256: 86d0a213bf0aa3fdf8c799e0a0fd7c6624d92b7b7b1bb904cea22dbc08298537

Red Hat Enterprise Linux Workstation 4

SRPM
vim-6.3.046-0.40E.4.src.rpm	SHA-256: cdd6094faa15583d94833ebda1b6286dc9c681179e9d7eb42cfe64d8df39f405
x86_64
vim-X11-6.3.046-0.40E.4.x86_64.rpm	SHA-256: a80d61ce1b6764360379bbc8e836be1903e6baa57462e02b70606dcbb2498c6a
vim-common-6.3.046-0.40E.4.x86_64.rpm	SHA-256: ab142f812cbe0938e5b12a831429a43186d87904c576445f58d9995dd5863429
vim-enhanced-6.3.046-0.40E.4.x86_64.rpm	SHA-256: 20b826f57070e992126293c852e272d723f033fc2c1214ef637233a9a8b2b843
vim-minimal-6.3.046-0.40E.4.x86_64.rpm	SHA-256: c50a90402819ecb06e0c0b3764769547b95b222b6f33f1537deb999f061ec25b
ia64
vim-X11-6.3.046-0.40E.4.ia64.rpm	SHA-256: c2227a356dc8097ba049293846aedb8618f6bb0ca122ac1e2764ac3376629962
vim-common-6.3.046-0.40E.4.ia64.rpm	SHA-256: 3b0530309a37275ca3f9baf95079a137d3c157d8eb9305335740ae76ccada27e
vim-enhanced-6.3.046-0.40E.4.ia64.rpm	SHA-256: 0a4a6864976b36beeb23f01edf0dd639a0b85c06b20e79c16cc0c5cca024dca4
vim-minimal-6.3.046-0.40E.4.ia64.rpm	SHA-256: 477d97b3fc6772a15b51ee6a9d107845d83a0bed46d6bc597dfa8b659dfc7086
i386
vim-X11-6.3.046-0.40E.4.i386.rpm	SHA-256: 133e6512614c07d0b97ee49aa82413195a7e10c53958b603378b1b10d3bc65b3
vim-common-6.3.046-0.40E.4.i386.rpm	SHA-256: 10e41163d4259732a1435efde5977314ee4196f2b2639db47dfffac6aa7bdb50
vim-enhanced-6.3.046-0.40E.4.i386.rpm	SHA-256: 457d769214e0f18679ee5c0ee269ef8c3466cb19bc5de4c2b0b2022bb36f5751
vim-minimal-6.3.046-0.40E.4.i386.rpm	SHA-256: 86d0a213bf0aa3fdf8c799e0a0fd7c6624d92b7b7b1bb904cea22dbc08298537

Red Hat Enterprise Linux Desktop 4

SRPM
vim-6.3.046-0.40E.4.src.rpm	SHA-256: cdd6094faa15583d94833ebda1b6286dc9c681179e9d7eb42cfe64d8df39f405
x86_64
vim-X11-6.3.046-0.40E.4.x86_64.rpm	SHA-256: a80d61ce1b6764360379bbc8e836be1903e6baa57462e02b70606dcbb2498c6a
vim-common-6.3.046-0.40E.4.x86_64.rpm	SHA-256: ab142f812cbe0938e5b12a831429a43186d87904c576445f58d9995dd5863429
vim-enhanced-6.3.046-0.40E.4.x86_64.rpm	SHA-256: 20b826f57070e992126293c852e272d723f033fc2c1214ef637233a9a8b2b843
vim-minimal-6.3.046-0.40E.4.x86_64.rpm	SHA-256: c50a90402819ecb06e0c0b3764769547b95b222b6f33f1537deb999f061ec25b
i386
vim-X11-6.3.046-0.40E.4.i386.rpm	SHA-256: 133e6512614c07d0b97ee49aa82413195a7e10c53958b603378b1b10d3bc65b3
vim-common-6.3.046-0.40E.4.i386.rpm	SHA-256: 10e41163d4259732a1435efde5977314ee4196f2b2639db47dfffac6aa7bdb50
vim-enhanced-6.3.046-0.40E.4.i386.rpm	SHA-256: 457d769214e0f18679ee5c0ee269ef8c3466cb19bc5de4c2b0b2022bb36f5751
vim-minimal-6.3.046-0.40E.4.i386.rpm	SHA-256: 86d0a213bf0aa3fdf8c799e0a0fd7c6624d92b7b7b1bb904cea22dbc08298537

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
vim-6.3.046-0.40E.4.src.rpm	SHA-256: cdd6094faa15583d94833ebda1b6286dc9c681179e9d7eb42cfe64d8df39f405
s390x
vim-X11-6.3.046-0.40E.4.s390x.rpm	SHA-256: 646a188cb474b8091949d032ff38b25f64b2271422691818b2a460f587f13b1f
vim-common-6.3.046-0.40E.4.s390x.rpm	SHA-256: 7648da6b35cfa98d47511a287530406c40f4c489a1de47f7bc40266aef349eb1
vim-enhanced-6.3.046-0.40E.4.s390x.rpm	SHA-256: f4d7988e7939ebb86d56769df671cb4b14aa81d1a32086255d04da1aa4f02a73
vim-minimal-6.3.046-0.40E.4.s390x.rpm	SHA-256: 42b2f8f5c60621ca4b6a5a8a5bd24c6eaf27d5caf737ee7cc42590c5a78d1e19
s390
vim-X11-6.3.046-0.40E.4.s390.rpm	SHA-256: 60fec52989aaf1e2e900b80cf037f997c13798f324634364030f28ce26622216
vim-common-6.3.046-0.40E.4.s390.rpm	SHA-256: 27eb7587fcc7de77848cac5ca47a5dce9528bdc8e8c91d13d05dffffa6554d16
vim-enhanced-6.3.046-0.40E.4.s390.rpm	SHA-256: f16208067f70e1a5fa65d400b7a71a17fe679b064c5db700222fc56efbcc5ab8
vim-minimal-6.3.046-0.40E.4.s390.rpm	SHA-256: 7c8d74007e49d835af2bc0f0dda5ce83055089722995ec97a1b8335a2821497d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
vim-6.3.046-0.40E.4.src.rpm	SHA-256: cdd6094faa15583d94833ebda1b6286dc9c681179e9d7eb42cfe64d8df39f405
ppc
vim-X11-6.3.046-0.40E.4.ppc.rpm	SHA-256: e4f9d3aeab1f28a9c5b81601531f6e978289c2439e6562260ca3d2d2d442e41d
vim-common-6.3.046-0.40E.4.ppc.rpm	SHA-256: 6c3ae1925826c964b8cc4b2a5b3bb67a4b66eb71b3c531982361ce9cab20a793
vim-enhanced-6.3.046-0.40E.4.ppc.rpm	SHA-256: 5b1716b3257c927d5f6ba3d3c54bd93ee2bd54310bdc5f016402b96d575d9e8f
vim-minimal-6.3.046-0.40E.4.ppc.rpm	SHA-256: ff7f747969fca776d7b6d7986e57f83ed4b7360e08cb9c229a142e4648e61622

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories