You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa neovim

Sigurnosni nedostatak programskog paketa neovim

openSUSE Security Update: Security update for neovim
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1759-1
Rating: important
References: #1137443
Cross-References: CVE-2019-12735
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for neovim fixes the following issues:

neovim was updated to version 0.3.7:

* CVE-2019-12735: source should check sandbox (boo#1137443)
* genappimage.sh: migrate to linuxdeploy

Version Update to version 0.3.5:

* options: properly reset directories on ‘autochdir’
* Remove MSVC optimization workaround for SHM_ALL
* Make SHM_ALL to a variable instead of a compound literal #define
* doc: mention “pynvim” module rename
* screen: don’t crash when drawing popupmenu with ‘rightleft’ option
* look-behind match may use the wrong line number
* :terminal : set topline based on window height
* :recover : Fix crash on non-existent *.swp

Version Update to version 0.3.4:

* test: add tests for conceal cursor movement
* display: unify ursorline and concealcursor redraw logic

Version Update to version 0.3.3:

* health/provider: Check for available pynvim when neovim mod is missing
* python#CheckForModule: Use the given module string instead of
hard-coding pynvim
* (health.provider)/python: Import the neovim, rather than pynvim, module
* TUI: Konsole DECSCUSR fixup

Version Update to version 0.3.2:-

* Features

– clipboard: support Custom VimL functions (#9304)
– win/TUI: improve terminal/console support (#9401)
– startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
– support mapping in more places (#9299)
– diff/highlight: show underline for low-priority CursorLine (#9028)
– signs: Add “nuhml” argument (#9113)
– clipboard: support Wayland (#9230)
– TUI: add support for undercurl and underline color (#9052)
– man.vim: soft (dynamic) wrap (#9023)

* API

– API: implement object namespaces (#6920)
– API: implement nvim_win_set_buf() (#9100)
– API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
– API: add nvim_buf_is_loaded() (#8660)
– API: nvm_buf_get_offset_for_line (#8221)
– API/UI: ext_newgrid, ext_histate (#8221)

* UI

– TUI: use BCE again more often (smoother resize) (#8806)
– screen: add missing status redraw when redraw_later(CLEAR) was used
(#9315)
– TUI: clip invalid regions on resize (#8779)
– TUI: improvements for scrolling and clearing (#9193)
– TUI: disable clearing almost everywhere (#9143)
– TUI: always use safe cursor movement after resize (#9079)
– ui_options: also send when starting or from OptionSet (#9211)
– TUI: Avoid reset_color_cursor_color in old VTE (#9191)
– Don’t erase screen on :hi Normal during startup (#9021)
– TUI: Hint wrapped lines to terminals (#8915)

* FIXES

– RPC: turn errors from async calls into notifications
– TUI: Restore terminal title via “title stacking” (#9407)
– genappimage: Unset $ARGV0 at invocation (#9376)
– TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
– provider: improve error message (#9344)
– runtime/syntax: Fix highlighting of autogroup contents (#9328)
– VimL/confirm(): Show dialog even if :silent (#9297)
– clipboard: prefer xclip (#9302)
– provider/nodejs: fix npm, yarn detection
– channel: avoid buffering output when only terminal is active (#9218)
– ruby: detect rbenv shims for other versions (#8733)
– third party/unibilium: Fix parsing of extended capabilitiy entries
(#9123)
– jobstart(): Fix hang on non-executable cwd (#9204)
– provide/nodejs: Simultaneously query npm and yarn (#9054)
– undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
– ‘swapfile: always show dialog’ (#9034)

– Add to the system-wide configuration file extension of runtimepath by
/usr/share/vim/site, so that neovim uses other Vim plugins installed
from packages.

– Add /usr/share/vim/site tree of directories to be owned by neovim as
well.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1759=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1759=1

Package List:

– openSUSE Leap 15.1 (x86_64):

neovim-0.3.7-lp151.2.7.1
neovim-debuginfo-0.3.7-lp151.2.7.1
neovim-debugsource-0.3.7-lp151.2.7.1

– openSUSE Leap 15.1 (noarch):

neovim-lang-0.3.7-lp151.2.7.1

– openSUSE Leap 15.0 (x86_64):

neovim-0.3.7-lp150.13.1
neovim-debuginfo-0.3.7-lp150.13.1
neovim-debugsource-0.3.7-lp150.13.1

– openSUSE Leap 15.0 (noarch):

neovim-lang-0.3.7-lp150.13.1

References:

https://www.suse.com/security/cve/CVE-2019-12735.html
https://bugzilla.suse.com/1137443


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke python-requests

Otkriven je sigurnosni nedostatak programske biblioteke python-requests za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close