Debian Security Advisory
DSA-1733-1 vim -- several vulnerabilities
- Date reported:
- 3 Mar 2009
- Affected packages:
- vim
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 486502, Bug 506919.
In Mitre's CVE dictionary: CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4101.
- More information:
Several vulnerabilities have been discovered in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project has identified the following problems:
- CVE-2008-2712
Jan Minar discovered that vim did not properly sanitise input before invoking the execute or system functions from vim scripts. This could lead to the execution of arbitrary code.
- CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly sanitise the file names in the tar archive or the name of the archive itself, which exposed it to arbitrary code execution.
- CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly sanitise the file names in the tar archive or the name of the archive itself, which exposed it to arbitrary code execution.
- CVE-2008-3076
Jan Minar discovered that the netrw plugin of vim did not properly sanitise the file or directory names it is given. This could lead to the execution of arbitrary code.
- CVE-2008-4101
Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code.
For the oldstable distribution (etch), these problems have been fixed in version 1:7.0-122+1etch5.
For the stable distribution (lenny), these problems have been fixed in version 1:7.1.314-3+lenny1, which was already included in the lenny release.
For the testing distribution (squeeze), these problems have been fixed in version 1:7.1.314-3+lenny1.
For the unstable distribution (sid), these problems have been fixed in version 2:7.2.010-1.
- Fixed in:
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.diff.gz
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch5_all.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch5_all.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch5_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_alpha.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_amd64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_arm.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_i386.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb
- http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
