USN-3139-1: Vim vulnerability | Cloud Foundry

ID CFOUNDRY:0E8B8BC871B00C0A8672039E74B869EC
Type cloudfoundry
Reporter Cloud Foundry
Modified 2016-12-14T00:00:00


USN-3139-1: Vim vulnerability



Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS


Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user’s privileges.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • All versions prior to 3151.5
    • 3233.x versions prior to 3233.6
    • 3263.x versions prior to 3263.12
    • 3312.x versions prior to 3312.7
    • All other versions
  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.92.0


Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.5
    • Upgrade all lower versions of 3233.x to version 3233.6
    • Upgrade all lower versions of 3263.x to version 3263.12
    • Upgrade all lower versions of 3312.x to version 3312.7
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.92.0 or later versions


Florian Larysch


  • <>