 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2017.0275 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2017-0275) |
| Summary: | The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2017-0275 advisory. |
| Description: | Summary: The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2017-0275 advisory. Vulnerability Insight: Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened (CVE-2016-1248). A vulnerability has been discovered in Vim where a malformed spell file could cause an integer overflow which is used as the size for memory allocation, resulting in a subsequent buffer overflow (CVE-2017-5953). An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files (CVE-2017-6349). An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files (CVE-2017-6350). Affected Software/OS: 'vim' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1248 BugTraq ID: 94478 http://www.securityfocus.com/bid/94478 Debian Security Information: DSA-3722 (Google Search) http://www.debian.org/security/2016/dsa-3722 https://security.gentoo.org/glsa/201701-29 https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html RedHat Security Advisories: RHSA-2016:2972 http://rhn.redhat.com/errata/RHSA-2016-2972.html http://www.securitytracker.com/id/1037338 http://www.ubuntu.com/usn/USN-3139-1 Common Vulnerability Exposure (CVE) ID: CVE-2017-5953 BugTraq ID: 96217 http://www.securityfocus.com/bid/96217 Debian Security Information: DSA-3786 (Google Search) http://www.debian.org/security/2017/dsa-3786 https://security.gentoo.org/glsa/201706-26 https://usn.ubuntu.com/4016-1/ https://usn.ubuntu.com/4309-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6349 BugTraq ID: 96451 http://www.securityfocus.com/bid/96451 https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y http://www.securitytracker.com/id/1037949 Common Vulnerability Exposure (CVE) ID: CVE-2017-6350 BugTraq ID: 96448 http://www.securityfocus.com/bid/96448 https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75 https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |