
Security: Insecure use of temporary files in vim
Name: Insecure use of temporary files in vim
ID: MDKSA-2005:029
Distribution: Mandrake
Platforms: Mandrake Corporate Server 2.1, Mandrake 10.0, Mandrake 10.1, Mandrake Corporate Server 3.0
Date: Thu, 3 February 2005, 12:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0069
Applications: vim

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: vim
Advisory ID: MDKSA-2005:029
Date: February 2nd, 2005

Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

Javier Fernandez-Sanguino Pena discovered two vulnerabilities in
scripts included with the vim editor. The two scripts, "tcltags" and
"vimspell.sh", created temporary files in an insecure manner which
could allow a malicious user to execute a symbolic link attack or to
create, or overwrite, arbitrary files with the privileges of the user
invoking the scripts.

The updated packages are patched to prevent this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFCAXlAmqjQ0CJFipgRAhL7AJdm2F7Yho1bG5Qw7owt2wc2LWHvAJ9gD/78
M5oXt4nsE9BE+StGmDSLGA==
=tcLS
-----END PGP SIGNATURE-----
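
The insecure temporary-file pattern described in the advisory, next to a hardened form, as an added example that is not code from the advisory or from the vim scripts. The file name `spell.$$`, the function names and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; names and paths are constructed, not from the vim scripts.

# Insecure: the name is predictable from the PID, and ">" follows whatever
# already exists at that path, including a symlink created by another user.
insecure_tmp() {
    out="$1/spell.$$"
    echo "word list" > "$out"
    printf '%s\n' "$out"
}

# Hardened: mktemp picks an unpredictable name and creates the file with
# O_EXCL and mode 0600, so an existing file or symlink is never reused.
secure_tmp() {
    out=$(mktemp "$1/spell.XXXXXX") || return 1
    echo "word list" > "$out"
    printf '%s\n' "$out"
}

# Self-check inside a private sandbox directory: a symlink already present at
# the predictable path redirects the insecure write into "target".
# $1 is the function to test; prints "clobbered" or "intact".
check_pattern() {
    sandbox=$(mktemp -d) || return 1
    echo "original" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/spell.$$"
    "$1" "$sandbox" > /dev/null
    if [ "$(cat "$sandbox/target")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

# Audit helper: print numbered lines of a script that build a /tmp name from $$.
audit_script() {
    grep -nE '/tmp/[^[:space:]]*\$\$' "$1"
}

echo "insecure pattern: $(check_pattern insecure_tmp)"
echo "mktemp pattern:   $(check_pattern secure_tmp)"
```

`audit_script` only flags the `/tmp/...$$` idiom; other predictable names (fixed names, date-based names) need their own review.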

