Red Hat 9043 Published by

Updated VIM packages are available for Red Hat Enterprise Linux 2.1 and 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated VIM packages fix security vulnerability
Advisory ID: RHSA-2005:010-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-010.html
Issue date: 2005-01-05
Updated on: 2005-01-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1138
----------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a modeline vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64



3. Problem description:

VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1138 to this issue.

All users of VIM are advised to upgrade to these erratum packages, which contain a backported patch for this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142444 - CAN-2004-1138 vim arbitrary command execution vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.19.src.rpm
ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm

i386:
d4ff95dc139d9b246a3b4bb22e56f0a2 vim-X11-6.0-7.19.i386.rpm
d0a4daf9963f0b30d23f8b55b660e7bd vim-common-6.0-7.19.i386.rpm
5e0f345e8c4149a6e526be1ebcbcaf08 vim-enhanced-6.0-7.19.i386.rpm
49ba3bac9787288f6ed3a6cb76ea3257 vim-minimal-6.0-7.19.i386.rpm

ia64:
f8cf3e2990cf9f01f2e8b92413562f2f vim-X11-6.0-7.19.ia64.rpm
c0fcd7546afb8ffe8e059993b357291c vim-common-6.0-7.19.ia64.rpm
aaccc710338fc217fcb61f17a859cc75 vim-enhanced-6.0-7.19.ia64.rpm
86625051f0b0530dc495662a8462f0b8 vim-minimal-6.0-7.19.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.19.src.rpm
ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm

ia64:
f8cf3e2990cf9f01f2e8b92413562f2f vim-X11-6.0-7.19.ia64.rpm
c0fcd7546afb8ffe8e059993b357291c vim-common-6.0-7.19.ia64.rpm
aaccc710338fc217fcb61f17a859cc75 vim-enhanced-6.0-7.19.ia64.rpm
86625051f0b0530dc495662a8462f0b8 vim-minimal-6.0-7.19.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.19.src.rpm
ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm

i386:
d4ff95dc139d9b246a3b4bb22e56f0a2 vim-X11-6.0-7.19.i386.rpm
d0a4daf9963f0b30d23f8b55b660e7bd vim-common-6.0-7.19.i386.rpm
5e0f345e8c4149a6e526be1ebcbcaf08 vim-enhanced-6.0-7.19.i386.rpm
49ba3bac9787288f6ed3a6cb76ea3257 vim-minimal-6.0-7.19.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.19.src.rpm
ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm

i386:
d4ff95dc139d9b246a3b4bb22e56f0a2 vim-X11-6.0-7.19.i386.rpm
d0a4daf9963f0b30d23f8b55b660e7bd vim-common-6.0-7.19.i386.rpm
5e0f345e8c4149a6e526be1ebcbcaf08 vim-enhanced-6.0-7.19.i386.rpm
49ba3bac9787288f6ed3a6cb76ea3257 vim-minimal-6.0-7.19.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vim-6.3.046-0.30E.1.src.rpm
6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm

i386:
bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm
24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm
a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm
4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm

ia64:
c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm
aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm
5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm
cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm

ppc:
ab2a437d98890191fbf02e125ac4e9d8 vim-X11-6.3.046-0.30E.1.ppc.rpm
4b55871f27ef4e3b4615efe69ca34c80 vim-common-6.3.046-0.30E.1.ppc.rpm
620989f956755a9599f15c31e779ab20 vim-enhanced-6.3.046-0.30E.1.ppc.rpm
5be5a1eee3b838eede6703a28dde8c5b vim-minimal-6.3.046-0.30E.1.ppc.rpm

s390:
6c35fa52e2fd0026824e2353b7f5d3f8 vim-X11-6.3.046-0.30E.1.s390.rpm
b231e358ccbf79bce43ba6fe2c31a696 vim-common-6.3.046-0.30E.1.s390.rpm
cb01c4182855dc24dcbe503deed6333b vim-enhanced-6.3.046-0.30E.1.s390.rpm
4fd73da1b8d06876e090c624e95bc811 vim-minimal-6.3.046-0.30E.1.s390.rpm

s390x:
c87e1eaaa9a04c503ba85c39cc9a6d9b vim-X11-6.3.046-0.30E.1.s390x.rpm
50f4f4f629051dbe46257207ba6e4b39 vim-common-6.3.046-0.30E.1.s390x.rpm
52a43a425e87218212e09e129bb8d37a vim-enhanced-6.3.046-0.30E.1.s390x.rpm
62108052dd87b0bba769f6a000be0f87 vim-minimal-6.3.046-0.30E.1.s390x.rpm

x86_64:
f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm
4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm
3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vim-6.3.046-0.30E.1.src.rpm
6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm

i386:
bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm
24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm
a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm
4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm

x86_64:
f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm
4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm
3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vim-6.3.046-0.30E.1.src.rpm
6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm

i386:
bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm
24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm
a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm
4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm

ia64:
c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm
aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm
5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm
cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm

x86_64:
f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm
4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm
3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vim-6.3.046-0.30E.1.src.rpm
6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm

i386:
bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm
24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm
a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm
4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm

ia64:
c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm
aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm
5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm
cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm

x86_64:
f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm
4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm
3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm
4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.