Description:
According to a security advisory from Georgi Guninski [0] a
vulnerability exists in the Vim (Vi Improved) text editor [1] which
allows arbitrary command execution using the libcall feature in
modelines. The Common Vulnerabilities and Exposures (CVE) project
assigned the id CAN-2002-1377 [2] to the problem. Both versions 6.0
and 6.1 are affected. The necessary patch was incorporated into the
6.1 source tree beginning with patchlevel 265. We have backported the
patch to the 6.0.92 and 6.1.165 releases.
Please check whether you are affected by running "<prefix>/bin/rpm
-q vim". If you have the "vim" package installed and its version
is affected (see above), we recommend that you immediately upgrade
it (see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
location, verify its integrity [9], build a corresponding binary RPM
from it [3] and update your OpenPKG installation by applying the binary
RPM [4]. For the current release OpenPKG 1.1, perform the following
operations to permanently fix the security problem (for other releases
adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get vim-6.1.165-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig vim-6.1.165-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild vim-6.1.165-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/1.1.*.rpm
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For instance, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed] openpkg (at) openpkg (dot) org [email concealed]
OpenPKG-SA-2003.003 21-Jan-2003
________________________________________________________________________
Package: vim
Vulnerability: arbitrary command execution
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT <= vim-6.1.264-20021223 >= vim-6.1.266-20021224
OpenPKG 1.1 <= vim-6.1.165-1.1.0 >= vim-6.1.165-1.1.1
OpenPKG 1.0 <= vim-6.0.92-1.0.1 >= vim-6.0.92-1.0.2
Affected Releases: Dependent Packages: none
Description:
According to a security advisory from Georgi Guninski [0] a
vulnerability exists in the Vim (Vi Improved) text editor [1] which
allows arbitrary command execution using the libcall feature in
modelines. The Common Vulnerabilities and Exposures (CVE) project
assigned the id CAN-2002-1377 [2] to the problem. Both versions 6.0
and 6.1 are affected. The necessary patch was incorporated into the
6.1 source tree beginning with patchlevel 265. We have backported the
patch to the 6.0.92 and 6.1.165 releases.
Please check whether you are affected by running "<prefix>/bin/rpm
-q vim". If you have the "vim" package installed and its version
is affected (see above), we recommend that you immediately upgrade
it (see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
location, verify its integrity [9], build a corresponding binary RPM
from it [3] and update your OpenPKG installation by applying the binary
RPM [4]. For the current release OpenPKG 1.1, perform the following
operations to permanently fix the security problem (for other releases
adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get vim-6.1.165-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig vim-6.1.165-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild vim-6.1.165-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/1.1.*.rpm
________________________________________________________________________
References:
[0] http://www.guninski.com/vim1.html
[1] http://www.vim.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
[3] http://www.openpkg.org/tutorial.html#regular-source
[4] http://www.openpkg.org/tutorial.html#regular-binary
[5] ftp://ftp.openpkg.org/release/1.0/UPD/vim-6.0.92-1.0.2.src.rpm
[6] ftp://ftp.openpkg.org/release/1.1/UPD/vim-6.1.165-1.1.1.src.rpm
[7] ftp://ftp.openpkg.org/release/1.0/UPD/
[8] ftp://ftp.openpkg.org/release/1.1/UPD/
[9] http://www.openpkg.org/security.html#signature
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For instance, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>
iD8DBQE+LQmJgHWT4GPEy58RAnk6AKDfv6ITdoQQc/DaPReKpPrkjcw4wQCfV7QY
zbz/d6jfXkRWc8Uyzl0JnUk=
=JeMp
-----END PGP SIGNATURE-----
[ reply ]