Issued:
2007-05-09
Updated:
2007-05-09

RHSA-2007:0346 - Security Advisory

Synopsis

Moderate: vim security update

Type/Severity

Security Advisory: Moderate

Topic

Updated vim packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Description

VIM (VIsual editor iMproved) is a version of the vi editor.

An arbitrary command execution flaw was found in the way VIM processes
modelines. If a user with modelines enabled opened a text file containing
a carefully crafted modeline, arbitrary commands could be executed as the user
running VIM. (CVE-2007-2438)

Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.

Please note: this issue did not affect VIM as distributed with Red Hat
Enterprise Linux 2.1, 3, or 4.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 238259 - CVE-2007-2438 vim-7 modeline security issue

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
x86_64
vim-X11-7.0.109-3.el5.3.x86_64.rpm SHA-256: 8b454bb227c29f90faf1a532497483143c77e2cd297eaed165029919ab488357
vim-common-7.0.109-3.el5.3.x86_64.rpm SHA-256: 049b7fef9f31d749e530114b3100a5cc6b4101d7bb0263246e80d4373db2fd79
vim-enhanced-7.0.109-3.el5.3.x86_64.rpm SHA-256: 97fb4c50c878aa0b1aa1368ff4a85de2bc17102f7fcb7b624d8dcce9bec79ea0
vim-minimal-7.0.109-3.el5.3.x86_64.rpm SHA-256: 60df29ba8c8a148c5d314d632b61972437fe6106062e7a54f90dcddd638c13c5
ia64
vim-X11-7.0.109-3.el5.3.ia64.rpm SHA-256: e9bef774cda326d971b09bafda70be983dd14027429481ad694f47d4da3a186d
vim-common-7.0.109-3.el5.3.ia64.rpm SHA-256: 69368fe69296f07c89f901528c4df62f47642aae798b725d318a778404a839a0
vim-enhanced-7.0.109-3.el5.3.ia64.rpm SHA-256: e79f1d93d559c72b1bf854c4e655d4fb3e8ee71965d22390f9026ed713451d57
vim-minimal-7.0.109-3.el5.3.ia64.rpm SHA-256: 1d7db02705d9dce0e87a39ca8fbb3fd3529856a1a075841b82ce60fbc177dc21
i386
vim-X11-7.0.109-3.el5.3.i386.rpm SHA-256: 7d7e9effc5ef983f42656836a1ff60ac7c426c4f458f1340e38a45947a337913
vim-common-7.0.109-3.el5.3.i386.rpm SHA-256: 36efed6ef827d6f62234fe9def5b9ae516801a77c0ce89bdb05d6ff7e34f7758
vim-enhanced-7.0.109-3.el5.3.i386.rpm SHA-256: b2be051cd5f2debb88e3921bb9bcd7757e941a73ce585e3470aba1b1c785567f
vim-minimal-7.0.109-3.el5.3.i386.rpm SHA-256: e44ce03c6f68284fc6f766f039d7f41b9848f73fbd2d9ffa48926358d983d667

Red Hat Enterprise Linux Workstation 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
x86_64
vim-X11-7.0.109-3.el5.3.x86_64.rpm SHA-256: 8b454bb227c29f90faf1a532497483143c77e2cd297eaed165029919ab488357
vim-common-7.0.109-3.el5.3.x86_64.rpm SHA-256: 049b7fef9f31d749e530114b3100a5cc6b4101d7bb0263246e80d4373db2fd79
vim-enhanced-7.0.109-3.el5.3.x86_64.rpm SHA-256: 97fb4c50c878aa0b1aa1368ff4a85de2bc17102f7fcb7b624d8dcce9bec79ea0
vim-minimal-7.0.109-3.el5.3.x86_64.rpm SHA-256: 60df29ba8c8a148c5d314d632b61972437fe6106062e7a54f90dcddd638c13c5
i386
vim-X11-7.0.109-3.el5.3.i386.rpm SHA-256: 7d7e9effc5ef983f42656836a1ff60ac7c426c4f458f1340e38a45947a337913
vim-common-7.0.109-3.el5.3.i386.rpm SHA-256: 36efed6ef827d6f62234fe9def5b9ae516801a77c0ce89bdb05d6ff7e34f7758
vim-enhanced-7.0.109-3.el5.3.i386.rpm SHA-256: b2be051cd5f2debb88e3921bb9bcd7757e941a73ce585e3470aba1b1c785567f
vim-minimal-7.0.109-3.el5.3.i386.rpm SHA-256: e44ce03c6f68284fc6f766f039d7f41b9848f73fbd2d9ffa48926358d983d667

Red Hat Enterprise Linux Desktop 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
x86_64
vim-X11-7.0.109-3.el5.3.x86_64.rpm SHA-256: 8b454bb227c29f90faf1a532497483143c77e2cd297eaed165029919ab488357
vim-common-7.0.109-3.el5.3.x86_64.rpm SHA-256: 049b7fef9f31d749e530114b3100a5cc6b4101d7bb0263246e80d4373db2fd79
vim-enhanced-7.0.109-3.el5.3.x86_64.rpm SHA-256: 97fb4c50c878aa0b1aa1368ff4a85de2bc17102f7fcb7b624d8dcce9bec79ea0
vim-minimal-7.0.109-3.el5.3.x86_64.rpm SHA-256: 60df29ba8c8a148c5d314d632b61972437fe6106062e7a54f90dcddd638c13c5
i386
vim-X11-7.0.109-3.el5.3.i386.rpm SHA-256: 7d7e9effc5ef983f42656836a1ff60ac7c426c4f458f1340e38a45947a337913
vim-common-7.0.109-3.el5.3.i386.rpm SHA-256: 36efed6ef827d6f62234fe9def5b9ae516801a77c0ce89bdb05d6ff7e34f7758
vim-enhanced-7.0.109-3.el5.3.i386.rpm SHA-256: b2be051cd5f2debb88e3921bb9bcd7757e941a73ce585e3470aba1b1c785567f
vim-minimal-7.0.109-3.el5.3.i386.rpm SHA-256: e44ce03c6f68284fc6f766f039d7f41b9848f73fbd2d9ffa48926358d983d667

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
s390x
vim-X11-7.0.109-3.el5.3.s390x.rpm SHA-256: 9489ad97d49dd08d517e8c72e6822b576994945edcbbb88ab159ebe8858299f8
vim-common-7.0.109-3.el5.3.s390x.rpm SHA-256: 66c56aeda4e9ff0ebc43975116e9b7d662c30fa5ad53194f2034b0487a602636
vim-enhanced-7.0.109-3.el5.3.s390x.rpm SHA-256: a93f6522b6502e1fd29cbb0d427169426fd66775350a1c0ddf33f6300511793e
vim-minimal-7.0.109-3.el5.3.s390x.rpm SHA-256: 9a3706840bd1de145e0cc596aca5a157b4a4a1b2e0354b087cf1e6cef0e57bf9

Red Hat Enterprise Linux for Power, big endian 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
ppc
vim-X11-7.0.109-3.el5.3.ppc.rpm SHA-256: a6fd006923518bcd4c57d4e66de787e39246cc2b40c7ff743c0c32847c32e76b
vim-common-7.0.109-3.el5.3.ppc.rpm SHA-256: cc5c9ad47a2d9798f568b8dfb9e3654b48b0f310544f215436b6412e257c0800
vim-enhanced-7.0.109-3.el5.3.ppc.rpm SHA-256: cca506bd61fe6718e128817fd7d16bb81e39cb3a3d72fb9064121890d41d6020
vim-minimal-7.0.109-3.el5.3.ppc.rpm SHA-256: 63fd845f770113e5d248132e9d1c4e53f16212ce180da72469dcb6041de4d7a1

Red Hat Enterprise Linux Server from RHUI 5

SRPM
vim-7.0.109-3.el5.3.src.rpm SHA-256: e0200ca10c38ac2d412cb6ea121a8ce5be283e2840f13197e20b88607ed9c68b
x86_64
vim-X11-7.0.109-3.el5.3.x86_64.rpm SHA-256: 8b454bb227c29f90faf1a532497483143c77e2cd297eaed165029919ab488357
vim-common-7.0.109-3.el5.3.x86_64.rpm SHA-256: 049b7fef9f31d749e530114b3100a5cc6b4101d7bb0263246e80d4373db2fd79
vim-enhanced-7.0.109-3.el5.3.x86_64.rpm SHA-256: 97fb4c50c878aa0b1aa1368ff4a85de2bc17102f7fcb7b624d8dcce9bec79ea0
vim-minimal-7.0.109-3.el5.3.x86_64.rpm SHA-256: 60df29ba8c8a148c5d314d632b61972437fe6106062e7a54f90dcddd638c13c5
i386
vim-X11-7.0.109-3.el5.3.i386.rpm SHA-256: 7d7e9effc5ef983f42656836a1ff60ac7c426c4f458f1340e38a45947a337913
vim-common-7.0.109-3.el5.3.i386.rpm SHA-256: 36efed6ef827d6f62234fe9def5b9ae516801a77c0ce89bdb05d6ff7e34f7758
vim-enhanced-7.0.109-3.el5.3.i386.rpm SHA-256: b2be051cd5f2debb88e3921bb9bcd7757e941a73ce585e3470aba1b1c785567f
vim-minimal-7.0.109-3.el5.3.i386.rpm SHA-256: e44ce03c6f68284fc6f766f039d7f41b9848f73fbd2d9ffa48926358d983d667

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.