From martin.pitt@canonical.com Tue Jul 26 11:20:44 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Tue, 26 Jul 2005 15:42:54 +0200 Subject: [USN-154-1] vim vulnerability =========================================================== Ubuntu Security Notice USN-154-1 July 26, 2005 vim vulnerability http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: kvim kvim-perl kvim-python kvim-tcl vim vim-gnome vim-gtk vim-lesstif vim-perl vim-python vim-tcl The problem can be corrected by upgrading the affected package to version 1:6.3-025+1ubuntu2.3 (for Ubuntu 4.10), or 1:6.3-046+1ubuntu7.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Georgi Guninski discovered that it was possible to construct Vim modelines that execute arbitrary shell commands by wrapping them in glob() or expand() function calls. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user's privileges. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.diff.gz Size/MD5: 425402 46df91478804bd8012a9668c586cbcb9 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.dsc Size/MD5: 1122 a704610235ce19ca0543972f3bf3d7b0 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.3_all.deb Size/MD5: 3421110 e3b442a4a638156fbc42cfc12a5af52d http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.3_all.deb Size/MD5: 1646908 0f4b3523857e3c6fa89d0ca1637114c9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 2586 e8509546623b703acdb8638f9f26c3e5 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 805746 016a733b0545c73a3a78f28d2680f935 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 802474 8bb3bb58053c7c2170ec3a1dd587e505 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 784112 8c8566c6beb776582eec475a68826823 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 809150 3e660c1659fb8b5ceef3b63fdec54efb http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 802482 95b7643d58d92f1b75470829ebf15637 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 801214 4f00d2f0f446f2ffa1a6d5bb88b79126 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_amd64.deb Size/MD5: 765242 92db4aa0afedf6560e6d814106fc39bd i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 2582 569dff747e323ffbecc51dfc46231eae http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 702714 b6ccf017bc4ede502cc3f7de2633d8d8 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 700032 9192290f1ee400f32792c018fc400794 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 682460 28ee7bfe4bb7f5db3fc62a913b789e2b http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 707766 c803b8d61f37c1c11b9a6604d6dd7cb3 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 700046 44a50e1630e7fc2f3324c5e9e17967d8 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 699644 0fc4d26312a3efe74c68c179617acaeb http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_i386.deb Size/MD5: 680364 6522a45f622db9606a49f2e279aedd85 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 2586 51bb0268530d68f4d6accd8ac91c6034 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 788070 be7fd4db97ecae833b657212b9fc1192 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 785426 b49f7f79b503b4eb88958a660e2be6de http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 769950 b711cc88b16ad3a1667e875aeb405a1d http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 792554 92782eccb7325d9392b7cae97b8701a7 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 785436 5ffa9b0c49799fa084b0739ea1166a44 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 784680 6a5668dac91865f401fca0500c880696 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_powerpc.deb Size/MD5: 754792 c9883d66dca90ccdae1502f949001021 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.diff.gz Size/MD5: 450699 eeae6f784198638fe22e0fb9b4059526 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.dsc Size/MD5: 1158 e299658c7896e93efc973d7734285c45 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-046+1ubuntu7.1_all.deb Size/MD5: 3422002 cfc4e75008273ad7fecef65edb01b68b http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-046+1ubuntu7.1_all.deb Size/MD5: 1599848 5c1bc833e4476508a2e8883720406b7f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 929292 67231fe6f041e650a7a16818035232ad http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 922458 4acb994818d57741bedeafaa59162f20 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 880502 a78fe2f10d94c2b6b60f356ff4c901d5 http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 922556 24391c4a94fdb951e9e461cdfee9fc87 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 805754 2972c0afcd3bfacd02e86bc9ff317bde http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 803084 014e6c6bcb0a6a0abbe09de6f8ba5505 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 783614 69ca26b900196fc09fdadc8dfdd90632 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 809558 f6c371ca6625e3ce1bf2e8d8469810da http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 803100 85df978e39de3674eb18d37aa3e4611f http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 763210 a26548a49bb3d56eb4998a7c8f9a9f52 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_amd64.deb Size/MD5: 768434 2586fb240bb4d64b26639ee4b7cbb902 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 830852 17c7d608b5bd48562518a55752d83981 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 824368 75cf8bc7d3c14b75f4eb4f6e96eed13c http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 781820 7472daf1c24079b55bafd09c71ee6021 http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 824478 7339ff8e39518ba52f96a2eb3a59a943 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 701422 e09e1d3ec4b3cc62db58235ac3f3d3ac http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 699414 443baeff48ccaea338d36cd1a2fc886c http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 681288 99075faa2aaa28e9b3ed5ba054fd9e77 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 706964 557b4e74547160070dc7d52e8ba01d35 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 699422 078226d68630da3730cfceff27420f38 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 660104 ab1bd893eb7eb1d027da38112af1a196 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_i386.deb Size/MD5: 688162 b040b9a0527aee33789113186ac7a84f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 914962 f1e687aa0600d392f3b2eb1b1da676d1 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 907440 64b803346a6a52315e3eaba6b5c123bd http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 864418 b1ce07cbfe3e161523f148a0dc612b9f http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 907536 0a7cbc632a48118980ce2c0c03723315 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 788114 d78cd2bdd4addd55780f7765734b6a01 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 786034 221063d416add0709f6bb6ccbc160246 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 769730 1944e9137f227f487c64486b48ff8412 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 793164 33b54d6a7f45122eeec12c300adbd836 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 786050 57d16f0c8b161927bbca8febeb05be36 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 745090 f9288ea7b5c161c42b2d8f73600b9a5b http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_powerpc.deb Size/MD5: 757766 fdf7d4727c036b69c3100203df9ba8a7 [ Part 2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ]