openSUSE-SU-2019:1551-1

Опубликовано: 13 июн. 2019

Источник: suse-cvrf

Описание

Security update for neovim

This update for neovim fixes the following issues:

Security issue fixed:

CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).

Список пакетов

SUSE Package Hub 15

neovim-0.3.1-bp150.2.6.1

neovim-lang-0.3.1-bp150.2.6.1

openSUSE Leap 15.0

neovim-0.3.1-bp150.2.6.1

neovim-lang-0.3.1-bp150.2.6.1

openSUSE Leap 15.1

neovim-0.3.1-bp150.2.6.1

neovim-lang-0.3.1-bp150.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYOETLXB2RD3GRLLDIZKE7UUWDK5TXBE/#TYOETLXB2RD3GRLLDIZKE7UUWDK5TXBE
E-Mail link for openSUSE-SU-2019:1551-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1137443
SUSE Bug 1137443
https://www.suse.com/security/cve/CVE-2019-12735/
SUSE CVE CVE-2019-12735 page

Описание

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Затронутые продукты

SUSE Package Hub 15:neovim-0.3.1-bp150.2.6.1

SUSE Package Hub 15:neovim-lang-0.3.1-bp150.2.6.1

openSUSE Leap 15.0:neovim-0.3.1-bp150.2.6.1

openSUSE Leap 15.0:neovim-lang-0.3.1-bp150.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12735.html
CVE-2019-12735
https://bugzilla.suse.com/1137443
SUSE Bug 1137443

openSUSE-SU-2019:1551-1

Описание

Список пакетов

SUSE Package Hub 15

openSUSE Leap 15.0

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-12735

Описание

Затронутые продукты

Ссылки