 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Mon 20 Jan 2020, 23:55 All times are UTC - 4 |
 Forum index » Taking the Puppy out for a walk » Announcements |
|
Vim CVE-2019-12735 WARNINGS
Moderators: Flash, Ian, JohnMurga |
 
|
View previous topic :: View next topic |
| Page 1 of 1 [2 Posts] |
| Author | Message | ||||||
|---|---|---|---|---|---|---|---|
|
scsijon
Joined: 23 May 2007 Posts: 1561 Location: the australian mallee |
copied from my LFS mail system -------------------------------------------- Subject: [lfs-dev] Vim CVE-2019-12735 Message-ID: <20190614221658.GA31361@milliways.localdomain> Content-Type: text/plain; charset=utf-8 It is possible for a remote attacker to execute arbitrary OS commands in vim up to version 8.1.1364 via the :source! command in a modeline of a malicious file (all you have to do is open the file in vim). A workaround is to disable modelines in vimrc : set nomodeline I could tell you that there is a "good" version of vim (8.1.1529 which was current when I cloned it) in my webspace at higgs, but if you were to just use that then you have bigger security problems (unverified source). If you need an urgent fix, the upstream mercurial repository is at https://www.vim.org/mercurial.php The individual change which fixed this adds a new test to check it works, and that relies on earlier changes since 8.1. Also, if running the tests as root (chroot) some tests will fail. So, for the moment "please be aware". ĸen ---------------------------------------- regards scsijon |
||||||
|
|||||||
 |
|||||||
rufwoof
 Joined: 24 Feb 2014 Posts: 3711 |
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md suggests editing your vimrc to include
Further reference material here https://arstechnica.com/information-technology/2019/06/if-you-havent-patched-vim-or-neovim-text-editors-you-really-really-should/ Standard X (should) come with vi installed. Many pup's don't, but often have vi in busybox. Neither of which are affected afaik. Just vim and neovim (derivative of vim). _________________ ( ͡° ͜ʖ ͡°) :wq Fatdog multi-session usb echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh |
||||||
|
|||||||
|
|||||||
Vim CVE-2019-12735 WARNINGS
| Page 1 of 1 [2 Posts] |
|
|
View previous topic :: View next topic |
|
Forum index » Taking the Puppy out for a walk » Announcements |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group