Описание
Security update for vim
This update for vim fixes the following issue:
Security issue fixed:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
gvim-8.0.1568-lp151.5.3.1
vim-8.0.1568-lp151.5.3.1
vim-data-8.0.1568-lp151.5.3.1
vim-data-common-8.0.1568-lp151.5.3.1
openSUSE Leap 15.1
gvim-8.0.1568-lp151.5.3.1
vim-8.0.1568-lp151.5.3.1
vim-data-8.0.1568-lp151.5.3.1
vim-data-common-8.0.1568-lp151.5.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1561-1
- SUSE Security Ratings
- SUSE Bug 1137443
- SUSE CVE CVE-2019-12735 page
Описание
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Затронутые продукты
openSUSE Leap 15.0:gvim-8.0.1568-lp151.5.3.1
openSUSE Leap 15.0:vim-8.0.1568-lp151.5.3.1
openSUSE Leap 15.0:vim-data-8.0.1568-lp151.5.3.1
openSUSE Leap 15.0:vim-data-common-8.0.1568-lp151.5.3.1
Ссылки
- CVE-2019-12735
- SUSE Bug 1137443