Scientific Linux alert SLSA-2019:1619-1 (vim)


From:
               Farhan Ahmed <fahmed@fnal.gov> 
To:
               <scientific-linux-errata@listserv.fnal.gov> 
Subject:
               Security ERRATA Important: vim on SL7.x x86_64 
Date:
               Mon, 1 Jul 2019 17:24:25 +0000
Message-ID:
               <20190701172425.5788.97178@slpackages.fnal.gov>
Synopsis: Important: vim security update
Advisory ID:       SLSA-2019:1619-1
Issue Date:        2019-07-01
CVE Numbers:       CVE-2019-12735
--

Security Fix(es):

* vim/neovim: ':source!' command allows arbitrary command execution via
modelines (CVE-2019-12735)
--

SL7
  x86_64
    vim-X11-7.4.160-6.el7_6.x86_64.rpm
    vim-common-7.4.160-6.el7_6.x86_64.rpm
    vim-debuginfo-7.4.160-6.el7_6.x86_64.rpm
    vim-enhanced-7.4.160-6.el7_6.x86_64.rpm
    vim-filesystem-7.4.160-6.el7_6.x86_64.rpm
    vim-minimal-7.4.160-6.el7_6.x86_64.rpm

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: vim on SL7.x x86_64
Date:		Mon, 1 Jul 2019 17:24:25 +0000
Message-ID:		<20190701172425.5788.97178@slpackages.fnal.gov>