Security: Arbitrary command execution in vim-syntastic
Name: Arbitrary command execution in vim-syntastic
ID: DSA-4261-1
Distribution: Debian
Platforms: Debian stretch
Date: Fri, 3 August 2018, 18:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11319
Applications: vim-syntastic
Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-4261-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 03, 2018                       https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : vim-syntastic
CVE ID : CVE-2018-11319
Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory which could result in arbitrary shell code execution if a malformed source code file is opened.
For the stable distribution (stretch), this problem has been fixed in version 3.7.0-1+deb9u2.
We recommend that you upgrade your vim-syntastic packages.
For the detailed security status of vim-syntastic please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vim-syntastic
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org