Описание
Security update for vim
This update for vim fixes the following issues:
- CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
gvim-7.2-8.20.8
vim-7.2-8.20.8
vim-base-7.2-8.20.8
vim-data-7.2-8.20.8
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gvim-7.2-8.20.8
vim-7.2-8.20.8
vim-base-7.2-8.20.8
vim-data-7.2-8.20.8
Ссылки
- Link for SUSE-SU-2017:1775-1
- E-Mail link for SUSE-SU-2017:1775-1
- SUSE Security Ratings
- SUSE Bug 1024724
- SUSE CVE CVE-2017-5953 page
Описание
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:gvim-7.2-8.20.8
SUSE Linux Enterprise Server 11 SP4:vim-7.2-8.20.8
SUSE Linux Enterprise Server 11 SP4:vim-base-7.2-8.20.8
SUSE Linux Enterprise Server 11 SP4:vim-data-7.2-8.20.8
Ссылки
- CVE-2017-5953
- SUSE Bug 1024724
- SUSE Bug 1123143
- SUSE Bug 1173534