Moderate: vim security update

2020-11-0312:06:10

errata.almalinux.org

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode (CVE-2019-20807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64vim-x11< 8.0.1763-15.el8vim-X11-8.0.1763-15.el8.x86_64.rpm
almalinux8x86_64vim-common< 8.0.1763-15.el8vim-common-8.0.1763-15.el8.x86_64.rpm
almalinux8x86_64vim-enhanced< 8.0.1763-15.el8vim-enhanced-8.0.1763-15.el8.x86_64.rpm
almalinux8noarchvim-filesystem< 8.0.1763-15.el8vim-filesystem-8.0.1763-15.el8.noarch.rpm
almalinux8x86_64vim-minimal< 8.0.1763-15.el8vim-minimal-8.0.1763-15.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	vim-x11	< 8.0.1763-15.el8	vim-X11-8.0.1763-15.el8.x86_64.rpm
almalinux	8	x86_64	vim-common	< 8.0.1763-15.el8	vim-common-8.0.1763-15.el8.x86_64.rpm
almalinux	8	x86_64	vim-enhanced	< 8.0.1763-15.el8	vim-enhanced-8.0.1763-15.el8.x86_64.rpm
almalinux	8	noarch	vim-filesystem	< 8.0.1763-15.el8	vim-filesystem-8.0.1763-15.el8.noarch.rpm
almalinux	8	x86_64	vim-minimal	< 8.0.1763-15.el8	vim-minimal-8.0.1763-15.el8.x86_64.rpm