You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa neovim

Sigurnosni nedostatak programskog paketa neovim

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4487-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2019 https://www.debian.org/security/faq
– ————————————————————————-

Package : neovim
CVE ID : CVE-2019-12735

User “Arminius” discovered a vulnerability in Vim, an enhanced version of the
standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an
extensible editor focused on modern code and features:

Editors typically provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened, while harmful commands
are filtered by a sandbox mechanism. It was discovered that the “source”
command (used to include and execute another file) was not filtered, allowing
shell command execution with a carefully crafted file opened in Neovim.

For the oldstable distribution (stretch), this problem has been fixed
in version 0.1.7-4+deb9u1.

We recommend that you upgrade your neovim packages.

For the detailed security status of neovim please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/neovim

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl03eFwACgkQEMKTtsN8
TjZEqw//Yh28fhXy/mKagZmAg1TFkflzYkQ/e0iVYNXsM8h216IvK91KsG+F45Op
linrfocsqRwvn06jipKXEy4p9usQTz/RI91OxjqKTmc/5y/o9te5E/tJ/PgzHJxM
8L1x0yyDox8ZRbnoWtSshfk6tGJSvPO/lPd2Ltf+vxUm0uTJlaOe269gC4C6MViA
aVXPoJ1tLdFzs09vtg7h5joVN1bQ52Ui+jJvGzVeNjtry+lu5H1rvVR+AZeq2m/O
DM3y+eEfMwsJBtrP290ACwzc5RXk5s4IH3yWHlA1glQ8dV4JwJXpbzgKt8JJGkoZ
dvzRYY4rTarfxvagioptK1/WbiV8d8/qRIDnJcTzHLn3Wtmr3cuuYpw8Jn1AH7g/
Z4Qw/Na34fG96Zc4QdauHXsl4lEZ6XF50MVclrytoStsGL6A5yT1QgxLxE0ss97S
XepstVi/F93rBHqQRwJ5ctwNcYGKuZIbYzeaUkuyU6Ir6bA9Ctq6BIzt/eAZjdXb
PBsl8SvsNwDlLjOysWHXyimG0MeN60U7LslTWXJf//dSka3sohXNxNPuprvCBxXE
hrAMrFb6WAU2NPThBwlA08o/lo9c7xCnA/WrOTfcnZ7gsr2kySTp+jNLMjdTBObh
RmZJG4duKeKn9xpjKxAV/DDaS9P8VnM8jNK3S7Oseg+YeKNe5Uk=
=SytE
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libgcrypt

Otkriven je sigurnosni nedostatak programske biblioteke libgcrypt za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje otkrivanje osjetljivih informacija....

Close