[ MDVSA-2008:236-1 ] vim

[dude67]

Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim
system functions. If a user were to open a specially crafted file,
it would be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a
user were to open a special ZIP archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin
that provides the ability to read and write files over the network.
If a user opened a specially crafted file or directory with the netrw
plugin, it could result in the execution of arbitrary code as the
user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and
tag handling. If vim looked up a document's maliciously crafted
tag or keyword, it was possible to execute arbitary code as the user
running vim (CVE-2008-4101).

A vulnerability was found in certain versions of netrw.vim where it
would send FTP credentials stored for an FTP session to subsequent
FTP sessions to servers on different hosts, exposing FTP credentials
to remote hosts (CVE-2008-4677).

This update provides vim 7.2 (patchlevel 65) which corrects all of
these issues and introduces a number of new features and bug fixes.

Update:

The previous vim update incorrectly introduced a requirement on
libruby and also conflicted with a file from the git-core package
(in contribs). These issues have been corrected with these updated
packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2712
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2953
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3074
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3075
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3076
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4101
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4677
_______________________________________________________________________