Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in vim-syntastic
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in vim-syntastic
ID: DSA-4261-1
Distribution: Debian
Plattformen: Debian stretch
Datum: Fr, 3. August 2018, 18:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11319
Applikationen: vim-syntastic

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4261-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : vim-syntastic
CVE ID : CVE-2018-11319

Enrico Zini discovered a vulnerability in Syntastic, an addon
module for the Vim editor that runs a file through external checkers
and displays any resulting errors. Config files were looked up in the
current working directory which could result in arbitrary
shell code execution if a malformed source code file is opened.

For the stable distribution (stretch), this problem has been fixed in
version 3.7.0-1+deb9u2.

We recommend that you upgrade your vim-syntastic packages.

For the detailed security status of vim-syntastic please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vim-syntastic

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltkgTUACgkQEMKTtsN8
Tja1vRAAgQUVhLQxjCaHqZT/YE25xSP8Runk8uA8n5BKTqXOuNynRvE7D2V5zd8c
HxsA9Bsen5fOrzZPnZAlApZfYqIIIZRGbgKjCP50lnOGIsfYv9h/iCnJg+lkcFHl
kf9059Nq2w9prWULLWw5isQfclGP2DmMvYNaI12j7ljeIR9DkTjOrP7B8LrODdwB
ztt4YW5n+e+OyyUGLoB0ZNHIaL00c/6IEyAav0B/aA+WtRyiDYMkCWJscsIy0PGI
sTLytImDgru+Kgm2x0AYhxFPqIrhe3GslETB6Kos0AKbeDxjLHYOxc8s/dfuFLTk
NT3qhSMr+Z3f+xte9BxSbFc5KpQtY4CtoIjbSML8icp0Y1ps7mr0wd4DNc80bVJA
38qvOkieilAHPkOtr8A/QZp40pBU8yAXIv2rG4O4W0EjuMKBtVxLCQ+GA6T8+0ci
ysfmsyIMEkNY0jDtFrz2zkQE8TH8bD7UVRN8aY0pwmPFg5/0c11Ayygt52akFYoX
DLulDxR1GRY8XzcBXpAazU6k6S9Goyxu+mYRvG8Kz9fhEbiqrBsWuipQQU44Lx2F
LQODLauHVQrqADMIeSxkmWh0cgalFMgV4Ruqf5KA9SAT6CxIyzYOhUwndrcfYi6h
4A4dln9EmEH6jf5VxCgndcaHD1nsLxVp8ho6wVDxDY/BTp6hzGs=
=qtrn
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung