Описание
Security update for vim
This update for vim fixes the following issues:
Security issue fixed:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
gvim-7.2-8.21.3.1
vim-7.2-8.21.3.1
vim-base-7.2-8.21.3.1
vim-data-7.2-8.21.3.1
SUSE Linux Enterprise Server 11 SP4-LTSS
gvim-7.2-8.21.3.1
vim-7.2-8.21.3.1
vim-base-7.2-8.21.3.1
vim-data-7.2-8.21.3.1
Ссылки
- Link for SUSE-SU-2019:14078-1
- E-Mail link for SUSE-SU-2019:14078-1
- SUSE Security Ratings
- SUSE Bug 1137443
- SUSE CVE CVE-2019-12735 page
Описание
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:gvim-7.2-8.21.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:vim-7.2-8.21.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:vim-base-7.2-8.21.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:vim-data-7.2-8.21.3.1
Ссылки
- CVE-2019-12735
- SUSE Bug 1137443