Bug 43111 - vim: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Arvid Requate
QA Contact: Jürn Brodersen
Depends on:
Blocks: 45178
Reported: 2016-12-05 12:43 CET by Arvid Requate
Modified: 2017-08-16 13:34 CEST (History)

What kind of report is it?: Security Issue
Max CVSS v3 score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
requate: Patch_Available+
Description Arvid Requate univentionstaff 2016-12-05 12:43:19 CET
Upstream Debian package version 2:7.3.547-7+deb7u1 fixes this issue:

* vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. (CVE-2016-1248)
Comment 1 Arvid Requate univentionstaff 2017-02-15 21:30:06 CET
Upstream Debian package version 2:7.3.547-7+deb7u2 additionally fixes:

* buffer overflow if a spellfile has an invalid length in it.  (Closes: #854969, CVE-2017-5953)
Comment 2 Arvid Requate univentionstaff 2017-03-09 13:24:47 CET
Upstream Debian package version 2:7.3.547-7+deb7u3 fixes:

* An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. (CVE-2017-6349)

* An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. (CVE-2017-6350)


Max CVSS of 6.8 for CVE-2016-1248
Comment 3 Arvid Requate univentionstaff 2017-08-07 15:08:23 CEST
2:7.3.547-7+deb7u4 fixes:

* denial of service (invalid free) or possibly unspecified other impact via a crafted source (aka -S) file. There might be a limited number of scenarios in which this has security relevance. (CVE-2017-11109)
Comment 4 Arvid Requate univentionstaff 2017-08-10 14:48:46 CEST
repo_admin.py -U -d wheezy -r 4.1 -s errata4.1-4 -p vim
b41-scope errata4.1-4 vim

Advisory: vim.yaml
Comment 5 Jürn Brodersen univentionstaff 2017-08-11 12:26:51 CEST
Looks good
What I tested:
Opened a file in vim -> OK
changelog -> OK
YAML -> OK

Verified
Comment 6 Erik Damrose univentionstaff 2017-08-16 13:34:10 CEST
<http://errata.software-univention.de/ucs/4.1/450.html>