Date: Thu, 06 Jan 2005 13:53:55 -0700
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]Subject: MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: vim
Advisory ID: MDKSA-2005:003
Date: January 6th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Several "modeline"-related vulnerabilities were discovered in Vim by
Ciaran McCreesh. The updated packages have been patched with Bram
Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities
and adds more conservative "modeline" rights.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
dc99ec20a0d5e1ffe5705b338587dc4e 10.0/RPMS/vim-X11-6.2-14.1.100mdk.i586.rpm
321271cf96a487d030c1f63916057df6 10.0/RPMS/vim-common-6.2-14.1.100mdk.i586.rpm
cab974c180ba32f189ed2b8f9d87c4d7 10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.i586.rpm
354150734d36ae267933932fda998694 10.0/RPMS/vim-minimal-6.2-14.1.100mdk.i586.rpm
da7ed2d30da9357180fc2e95a8332ac1 10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
00c06119cda7bccb1e72313a1b2d1dce amd64/10.0/RPMS/vim-X11-6.2-14.1.100mdk.amd64.rpm
00e1ffca2a8e584885632fd628d2f963 amd64/10.0/RPMS/vim-common-6.2-14.1.100mdk.amd64.rpm
82e1be218800efc70e795a604514c375 amd64/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.amd64.rpm
2b2b8c84f7790797ab18e77f3c1e7f2f amd64/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.amd64.rpm
da7ed2d30da9357180fc2e95a8332ac1 amd64/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm
Mandrakelinux 10.1:
8b913b02ea90489aaa2bd29f795399d8 10.1/RPMS/vim-X11-6.3-5.1.101mdk.i586.rpm
5353a6cfb15280d8f1cc053743341ad1 10.1/RPMS/vim-common-6.3-5.1.101mdk.i586.rpm
f765913a4dfdd57ef7faa420a5a61830 10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.i586.rpm
684886af2c515a9e9a1c1291ec8094fd 10.1/RPMS/vim-minimal-6.3-5.1.101mdk.i586.rpm
89b134fbe9240efc208824930c9a605b 10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f035a1b1ac873ee806527eb338c135ef x86_64/10.1/RPMS/vim-X11-6.3-5.1.101mdk.x86_64.rpm
2b750028b598e8673122696bdf9f575b x86_64/10.1/RPMS/vim-common-6.3-5.1.101mdk.x86_64.rpm
03f49e6ea46596fe972b140d4edc55e3 x86_64/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.x86_64.rpm
64305d45fcf292ac1a852f189a50306b x86_64/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.x86_64.rpm
89b134fbe9240efc208824930c9a605b x86_64/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm
Corporate Server 2.1:
756cc2e58bff900c4fcb0460a6ac767f corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.i586.rpm
65697ca8ad7698cd6b141ebcefb14646 corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.i586.rpm
ef40b036454a280650b3842be5eb4b5d corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.i586.rpm
15706190a1a01413f7aa106238e592b1 corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.i586.rpm
8558f98441e0e85964d2aa9b400ebfce corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
51c1ff3d71adfddc998c9731e9cbf033 x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.x86_64.rpm
72818890b41fab3a7fca922084139bee x86_64/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.x86_64.rpm
990252b46c4d80a0f118d9f9d47480ee x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.x86_64.rpm
711e168b31f45852a0b4c50c94a17c46 x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.x86_64.rpm
8558f98441e0e85964d2aa9b400ebfce x86_64/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm
Mandrakelinux 9.2:
d05af7e58ceb4437e8f850bbffa2d78b 9.2/RPMS/vim-X11-6.2-11.1.92mdk.i586.rpm
877835edad015bd451e12314fc685d01 9.2/RPMS/vim-common-6.2-11.1.92mdk.i586.rpm
cfbdd0030d0a06bdc5200c8f7f02741d 9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.i586.rpm
02a99727758bb95e081ec55ceb80629f 9.2/RPMS/vim-minimal-6.2-11.1.92mdk.i586.rpm
1ceb7a9081a1bb02ef4c8e9881d0e8db 9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
24182d75dce9da179234a45ad31d9bf7 amd64/9.2/RPMS/vim-X11-6.2-11.1.92mdk.amd64.rpm
4b7a72d17f7964aed4d7cdf90837c8ca amd64/9.2/RPMS/vim-common-6.2-11.1.92mdk.amd64.rpm
66e94e428441701c22515b30a9092eff amd64/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.amd64.rpm
4f0bad1665fa9c844bd11f0dbdfb1c91 amd64/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.amd64.rpm
1ceb7a9081a1bb02ef4c8e9881d0e8db amd64/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB3aVjmqjQ0CJFipgRAv8fAKCFOW3mkry8Hr/tgnCcqUMmQ8CmFwCg2fbU
FxpoV4DQ+aN1yHi/KZ4jkkE=
=QaxY
-----END PGP SIGNATURE-----