Slackware Local Security Checks : Slackware: Security Advisory (SSA:2022-269-02)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.13.2022.269.02

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2022-269-02)

Resumen: The remote host is missing an update for the 'vim' package(s) announced via the SSA:2022-269-02 advisory.

Descripción: Summary:
The remote host is missing an update for the 'vim' package(s) announced via the SSA:2022-269-02 advisory.

Vulnerability Insight:
New vim packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/vim-9.0.0594-i586-1_slack15.0.txz: Upgraded.
Fixed stack-based buffer overflow.
Thanks to marav for the heads-up.
In addition, Mig21 pointed out an issue where the defaults.vim file might
need to be edited for some purposes as its contents will override the
settings in the system-wide vimrc. Usually this file is replaced whenever
vim is upgraded, which in those situations would be inconvenient for the
admin. So, I've added support for a file named defaults.vim.custom which
(if it exists) will be used instead of the defaults.vim file shipped in
the packages and will persist through upgrades.
For more information, see:
[link moved to references]
(* Security fix *)
patches/packages/vim-gvim-9.0.0594-i586-1_slack15.0.txz: Upgraded.
+--------------------------+

Affected Software/OS:
'vim' package(s) on Slackware 15.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-3296
https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
https://security.gentoo.org/glsa/202305-16
https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2022.269.02
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2022-269-02)
Resumen:	The remote host is missing an update for the 'vim' package(s) announced via the SSA:2022-269-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the SSA:2022-269-02 advisory. Vulnerability Insight: New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/vim-9.0.0594-i586-1_slack15.0.txz: Upgraded. Fixed stack-based buffer overflow. Thanks to marav for the heads-up. In addition, Mig21 pointed out an issue where the defaults.vim file might need to be edited for some purposes as its contents will override the settings in the system-wide vimrc. Usually this file is replaced whenever vim is upgraded, which in those situations would be inconvenient for the admin. So, I've added support for a file named defaults.vim.custom which (if it exists) will be used instead of the defaults.vim file shipped in the packages and will persist through upgrades. For more information, see: [link moved to references] (* Security fix *) patches/packages/vim-gvim-9.0.0594-i586-1_slack15.0.txz: Upgraded. +--------------------------+ Affected Software/OS: 'vim' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/ https://security.gentoo.org/glsa/202305-16 https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be
Copyright	Copyright (C) 2022 Greenbone AG