ALT Linux Team

Package vim update in sisyphus on 2018-06-08

ALT-PU-2018-1878-1

Package vim updated to version 8.1.26-alt1 for branch sisyphus in task 207255.

Closed vulnerabilities

Published: 2017-11-04

BDU:2022-05951

Уязвимость компонентов fileio.c, /etc/shadow, /etc/.shadow.swp текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-05-25

BDU:2022-06483

Уязвимость функции vim_regsub_both компонента regexp.c текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-10-31
Modified: 2024-11-21

CVE-2017-1000382

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-12-01
Modified: 2024-11-21

CVE-2017-17087

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-05-27
Modified: 2024-11-21

CVE-2022-1897

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #33359

не поддерживается юникод

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top