SUSE-SU-2020:14385-1

Опубликовано: 04 июн. 2020

Источник: suse-cvrf

Описание

Security update for vim

This update for vim fixes the following issues:

CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

gvim-7.2-8.21.6.2

vim-7.2-8.21.6.2

vim-base-7.2-8.21.6.2

vim-data-7.2-8.21.6.2

SUSE Linux Enterprise Server 11 SP4-LTSS

gvim-7.2-8.21.6.2

vim-7.2-8.21.6.2

vim-base-7.2-8.21.6.2

vim-data-7.2-8.21.6.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-202014385-1/
Link for SUSE-SU-2020:14385-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006887.html
E-Mail link for SUSE-SU-2020:14385-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172225
SUSE Bug 1172225
https://www.suse.com/security/cve/CVE-2019-20807/
SUSE CVE CVE-2019-20807 page

Описание

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Затронутые продукты

SUSE Linux Enterprise Point of Sale 11 SP3:gvim-7.2-8.21.6.2

SUSE Linux Enterprise Point of Sale 11 SP3:vim-7.2-8.21.6.2

SUSE Linux Enterprise Point of Sale 11 SP3:vim-base-7.2-8.21.6.2

SUSE Linux Enterprise Point of Sale 11 SP3:vim-data-7.2-8.21.6.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-20807.html
CVE-2019-20807
https://bugzilla.suse.com/1172225
SUSE Bug 1172225

SUSE-SU-2020:14385-1

Описание

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2019-20807

Описание

Затронутые продукты

Ссылки