lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1Cmedn-00087n-L1@updates.mandrakesoft.com>
Date: Thu, 06 Jan 2005 13:53:55 -0700
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           vim
 Advisory ID:            MDKSA-2005:003
 Date:                   January 6th, 2005

 Affected versions:	 10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Several "modeline"-related vulnerabilities were discovered in Vim by
 Ciaran McCreesh.  The updated packages have been patched with Bram
 Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities
 and adds more conservative "modeline" rights.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 dc99ec20a0d5e1ffe5705b338587dc4e  10.0/RPMS/vim-X11-6.2-14.1.100mdk.i586.rpm
 321271cf96a487d030c1f63916057df6  10.0/RPMS/vim-common-6.2-14.1.100mdk.i586.rpm
 cab974c180ba32f189ed2b8f9d87c4d7  10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.i586.rpm
 354150734d36ae267933932fda998694  10.0/RPMS/vim-minimal-6.2-14.1.100mdk.i586.rpm
 da7ed2d30da9357180fc2e95a8332ac1  10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 00c06119cda7bccb1e72313a1b2d1dce  amd64/10.0/RPMS/vim-X11-6.2-14.1.100mdk.amd64.rpm
 00e1ffca2a8e584885632fd628d2f963  amd64/10.0/RPMS/vim-common-6.2-14.1.100mdk.amd64.rpm
 82e1be218800efc70e795a604514c375  amd64/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.amd64.rpm
 2b2b8c84f7790797ab18e77f3c1e7f2f  amd64/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.amd64.rpm
 da7ed2d30da9357180fc2e95a8332ac1  amd64/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 8b913b02ea90489aaa2bd29f795399d8  10.1/RPMS/vim-X11-6.3-5.1.101mdk.i586.rpm
 5353a6cfb15280d8f1cc053743341ad1  10.1/RPMS/vim-common-6.3-5.1.101mdk.i586.rpm
 f765913a4dfdd57ef7faa420a5a61830  10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.i586.rpm
 684886af2c515a9e9a1c1291ec8094fd  10.1/RPMS/vim-minimal-6.3-5.1.101mdk.i586.rpm
 89b134fbe9240efc208824930c9a605b  10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 f035a1b1ac873ee806527eb338c135ef  x86_64/10.1/RPMS/vim-X11-6.3-5.1.101mdk.x86_64.rpm
 2b750028b598e8673122696bdf9f575b  x86_64/10.1/RPMS/vim-common-6.3-5.1.101mdk.x86_64.rpm
 03f49e6ea46596fe972b140d4edc55e3  x86_64/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.x86_64.rpm
 64305d45fcf292ac1a852f189a50306b  x86_64/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.x86_64.rpm
 89b134fbe9240efc208824930c9a605b  x86_64/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm

 Corporate Server 2.1:
 756cc2e58bff900c4fcb0460a6ac767f  corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.i586.rpm
 65697ca8ad7698cd6b141ebcefb14646  corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.i586.rpm
 ef40b036454a280650b3842be5eb4b5d  corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.i586.rpm
 15706190a1a01413f7aa106238e592b1  corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.i586.rpm
 8558f98441e0e85964d2aa9b400ebfce  corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 51c1ff3d71adfddc998c9731e9cbf033  x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.x86_64.rpm
 72818890b41fab3a7fca922084139bee  x86_64/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.x86_64.rpm
 990252b46c4d80a0f118d9f9d47480ee  x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.x86_64.rpm
 711e168b31f45852a0b4c50c94a17c46  x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.x86_64.rpm
 8558f98441e0e85964d2aa9b400ebfce  x86_64/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm

 Mandrakelinux 9.2:
 d05af7e58ceb4437e8f850bbffa2d78b  9.2/RPMS/vim-X11-6.2-11.1.92mdk.i586.rpm
 877835edad015bd451e12314fc685d01  9.2/RPMS/vim-common-6.2-11.1.92mdk.i586.rpm
 cfbdd0030d0a06bdc5200c8f7f02741d  9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.i586.rpm
 02a99727758bb95e081ec55ceb80629f  9.2/RPMS/vim-minimal-6.2-11.1.92mdk.i586.rpm
 1ceb7a9081a1bb02ef4c8e9881d0e8db  9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 24182d75dce9da179234a45ad31d9bf7  amd64/9.2/RPMS/vim-X11-6.2-11.1.92mdk.amd64.rpm
 4b7a72d17f7964aed4d7cdf90837c8ca  amd64/9.2/RPMS/vim-common-6.2-11.1.92mdk.amd64.rpm
 66e94e428441701c22515b30a9092eff  amd64/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.amd64.rpm
 4f0bad1665fa9c844bd11f0dbdfb1c91  amd64/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.amd64.rpm
 1ceb7a9081a1bb02ef4c8e9881d0e8db  amd64/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB3aVjmqjQ0CJFipgRAv8fAKCFOW3mkry8Hr/tgnCcqUMmQ8CmFwCg2fbU
FxpoV4DQ+aN1yHi/KZ4jkkE=
=QaxY
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ