Red Hat Product Errata RHSA-2019:1793 - Security Advisory

Issued:: 2019-07-16
Updated:: 2019-07-16

RHSA-2019:1793 - Security Advisory

Overview
Updated Packages

Synopsis

Important: vim security update

Type/Severity

Security Advisory: Important

Topic

An update for vim is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64

Fixes

BZ - 1718308 - CVE-2019-12735 vim/neovim: ':source!' command allows arbitrary command execution via modelines

CVEs

CVE-2019-12735

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
vim-7.4.160-4.el7_5.1.src.rpm	SHA-256: fbe7c89584d77a6d9c16724244cef508ac86ce4c81c3d9731ba693870a875d00
s390x
vim-X11-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: 021c4cfb33f461c072c89740fc054c4cfd211d84957a0d47341d80dc50f8241a
vim-common-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: 49eadba0cee0476581b2c45bcd969845a763ba40d769cf073be7f6a775e450e5
vim-debuginfo-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: b25e5e53ad4840bbbde8db83894057022e7d783d2fe24599da05653776910ac9
vim-enhanced-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: c5bdd444bfe7f610b39097249afe999704f817ffd4c92d9f1f434e68141e1eb5
vim-filesystem-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: 81b66d562cc17ec46f0951e200cb3758b5d2b4b362113e18f9c52770401c2899
vim-minimal-7.4.160-4.el7_5.1.s390x.rpm	SHA-256: e65112b1da8b3ab1a026efc8738533ce01c6ad36c365f3dfc1935dbc2fafa615

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
vim-7.4.160-4.el7_5.1.src.rpm	SHA-256: fbe7c89584d77a6d9c16724244cef508ac86ce4c81c3d9731ba693870a875d00
ppc64
vim-X11-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: 151bfec84bab163540dd4d330841666c7b3b3a0fad79281787902baef6f9e439
vim-common-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: 1373ba1b89614d65ac94dd940ffb4438a410019d60fa326fe50becd1b1e1c1ce
vim-debuginfo-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: 6e072b43b48266a9c650f5407420417ce16722b3f9f63e27c715242363d4e420
vim-enhanced-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: 585c02d41915a4e066acd7458a478c714c6e6ca31c99a80b84be3677a11c6413
vim-filesystem-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: fd81020e0566f63db8378f07eef1ec0e7b763243942dbd3b7d643164730d70a6
vim-minimal-7.4.160-4.el7_5.1.ppc64.rpm	SHA-256: 0c7e3fb4006db4d86d8bcf46ad966fcce6cd3ceac18b364b9b2d29bacf0be1ee

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
vim-7.4.160-4.el7_5.1.src.rpm	SHA-256: fbe7c89584d77a6d9c16724244cef508ac86ce4c81c3d9731ba693870a875d00
x86_64
vim-X11-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: eee036650fda63ee1cda9873557bb2613e080d300c3f883218c73a6a4b7ddbc3
vim-common-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 88e3c201abdc48a70b523a45cc25f16df72d2925ba7c27c61d8bb6818751e7bd
vim-debuginfo-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 4f2c58b4ba25e053d7e9e2299bfc0a99784c320cf21c230e6f4d047c28acd169
vim-debuginfo-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 4f2c58b4ba25e053d7e9e2299bfc0a99784c320cf21c230e6f4d047c28acd169
vim-enhanced-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 60560322fe88fc80a2ac42609c580d88ef4dec8c52c6503c89f9c37131434ec6
vim-filesystem-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 5c972597ef98cdc807c202196a81c48883a9980b35f109fdbaddb9e81f9527ff
vim-minimal-7.4.160-4.el7_5.1.x86_64.rpm	SHA-256: 8b7a279fde2111f05072c36163e066b938ac14a25145285b4209207b465715d9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories