Branch p8 update bulletin.

Package vim updated to version 8.0.381-alt0.M80P.1 for branch p8 in task 179599.

Published: 2016-11-23
Modified: 2024-11-21

CVE-2016-1248

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-02-10
Modified: 2024-11-21

CVE-2017-5953

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-02-27
Modified: 2024-11-21

CVE-2017-6349

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-02-27
Modified: 2024-11-21

CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Неизвестная команда в пакетном /etc/vim/vimrc

Version: 2.1.0

Branch p8 update on 2017-03-16

ALT-BU-2017-2990-1

ALT-PU-2017-1286-1

Closed vulnerabilities

CVE-2016-1248

CVE-2017-5953

CVE-2017-6349

CVE-2017-6350

Closed bugs

Bug #32833