[Cucumber-linux-security] vim (security update is available)
From: Z5T1 <z5...@z5...> - 2017-11-01 16:18:12
Update Information

A security update is available for vim for the following versions of Cucumber Linux:

* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Wed Nov 1 11:32:53 EDT 2017
base/vim rebuilt (build 5) to fix CVE-2017-1000382, a vulnerability with
Vim's swap files which could result in unintended information disclosure, by
allowing for arbitrary users to view the contents of files not originally
intended to be viewed. This has been successfully used to get (amongst other
things) Wordpress database credentials (from wp-config.php). For more
information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-1000382
  http://security.cucumberlinux.com/security/details.php?id=120
  http://www.openwall.com/lists/oss-security/2017/10/31/1
IMPORTANT NOTE: THIS VULNERABILITY WAS FIXED BY MAKING A CHANGE TO THE
/etc/vimrc FILE. THEREFORE, WHEN UPGRADING YOUR VIM PACKAGES, MAKE SURE TO
EITHER INSTALL THE NEW /etc/vimrc FILE OR COPY THE CHANGES FROM
/etc/vimrc.new OVER TO /etc/vimrc.
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:

* CLD-120 [CVE-2017-1000382] (http://security.cucumberlinux.com/security/details.php?id=120)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

IMPORTANT: This vulnerability was fixed by making a change to the '/etc/vimrc' file. Therefore, when you install the new package, it is important that you either replace your old vimrc file with the new one (by choosing 'REPLACE' on the new file action menu) or copy the changes over from the new vimrc to your existing vimrc.

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure vim is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
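An added example, not part of the advisory or of Cucumber Linux's tooling: a POSIX shell check for the two things the note above asks an administrator to look at, namely whether /etc/vimrc.new still differs from /etc/vimrc, and whether Vim swap files readable by other users are present in a directory tree. The function names and the swap file name pattern (.NAME.sw?, Vim's default naming) are assumptions of this example.

```sh
#!/bin/sh
# Added example: post-upgrade checks for the vim swap file advisory.
# Function names are hypothetical; nothing here is Cucumber Linux code.

# Succeeds (exit 0) when DIR/vimrc.new exists and is not byte-identical to
# DIR/vimrc, i.e. the vimrc change may not be installed yet.
# DIR defaults to /etc, the location named in the advisory.
# A hand-merged vimrc still differs from vimrc.new, so treat a positive
# result as "review needed", not as proof that the fix is missing.
vimrc_merge_pending() {
    dir=${1:-/etc}
    [ -f "$dir/vimrc.new" ] || return 1   # no pending file at all
    [ -f "$dir/vimrc" ] || return 0       # new file waiting, no active vimrc
    ! cmp -s "$dir/vimrc" "$dir/vimrc.new"
}

# Prints, one path per line, Vim swap files under DIR whose mode grants
# read access to group or others.
# Assumption: default swap naming (.NAME.swp, .NAME.swo, ...); swap files
# redirected elsewhere by a 'directory' setting are not covered.
exposed_swapfiles() {
    find "$1" -type f -name '.*.sw?' \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null | sort
}

# Optional command-line use: sh check.sh /path/to/scan [etc-dir]
if [ "$#" -gt 0 ]; then
    exposed_swapfiles "$1"
    if vimrc_merge_pending "${2:-/etc}"; then
        echo "vimrc.new present and not identical to vimrc: review and merge" >&2
    fi
fi
```

Run it against any tree served or shared with other users; each path printed is a swap file to inspect and remove once the editing session it belongs to is confirmed closed.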