=========================================================== Ubuntu Security Notice USN-463-1 May 22, 2007 vim vulnerability CVE-2007-2438 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: vim 1:7.0-035+1ubuntu5.1 Ubuntu 7.04: vim 1:7.0-164+1ubuntu7.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1.diff.gz Size/MD5: 181454 08ac392fc206986410fd9d4dc56997aa http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1.dsc Size/MD5: 1368 fe5f29c40bf6fdb971527fe51907f8af http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0.orig.tar.gz Size/MD5: 8457888 9ba05680b0719462f653e82720599f32 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_7.0-035+1ubuntu5.1_all.deb Size/MD5: 2033116 c29be2f445dc8bf3c7b2bdc493eead25 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gui-common_7.0-035+1ubuntu5.1_all.deb Size/MD5: 88332 59af9db08d1b26342da87d9189672743 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-runtime_7.0-035+1ubuntu5.1_all.deb Size/MD5: 6336752 4ee18dda53354017e036b3dabeecf3ae amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 192632 7e4a9e7ef9379252d5f2f4e08f833e1f http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1059324 862f440407e6a3a2df2edd6c9c7e8dc4 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1031686 dd2c1eaaeac39222c772853d254edea5 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1029642 d777de21c76929fdaa73397f24968130 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1033064 717a149681c22512fadb22999ce71e65 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1029660 58b84cb5cbd9e83ab237812fff422a4e http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 1024794 ded136c8dcd05f371014773b225e486b http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 982170 35d329de289b8627529de2d7ce6db667 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 617358 5e1f3cf593d6706cea6401a266910504 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_amd64.deb Size/MD5: 838542 25a6a23ca81ab6751b537b4d85fd6960 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 192334 b7665fc338fd6ebcaf1267fc239f5eb8 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 935750 9173f4537c06507de53b8dbced92d515 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 909532 28100d893e7f93e7885f6c70ccef991d http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 906786 ab69618511120f46359b75c96c29cc30 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 913134 87848f884d7a7fc5bef0db165a088405 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 906798 c391697fdc923ef08f8652d1992cecd0 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 901710 872487b187f717e99b48d4554c7f67f5 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 862220 1a9c312403e1d88b231a96fd5adf3561 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 534516 5e5cd699a8e42850889189c6fb6571e5 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_i386.deb Size/MD5: 735654 f9b7a52555881136c4216c635ddf0cb9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 192686 3815c57ab177cd3f522855caf2d04a7c http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 1024590 2da6912ccc3649e9448bcdd22e4b6cbb http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 996270 cf874c5ac104441b14f571371ea6da7f http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 993932 e8c9160fca40ccf73db8cd6390fff9b7 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 999518 e13bf054daf8ad7049206aeab8ca6cbe http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 993946 3b384e0e9660a7e36a21f66be83b3cdd http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 989276 cc2d1069527f0c0946c2068be51d275f http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 947820 3eea24801ac7fea1861196d84e37a8a9 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 594840 f46bc8af95e8f8ad56c00b92691a5642 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_powerpc.deb Size/MD5: 812510 33ed8a3ddd1d85a75cde631ad18c0cb6 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 192452 c05ff0b18463155208fa6ed74198e4ab http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 960468 4a031c66001d2f96e3cd8f8572723df2 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 933874 916b78d160737ac22f61e156c81443a2 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 931932 233d1a1823e6fc0f2a41cfe57cfdfff5 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 937520 a1b926aaa056c2acf99eedc0de408931 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 931940 f59ebb0ad0afc2703d41b0292fadf535 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 927348 c776a41a98bfe7389b0694108dc89d62 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 885156 0260a322a095badc5457e6e6062e5b1f http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 546380 8c635c0f603795034ab6636d6209d099 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_sparc.deb Size/MD5: 755594 4d636d2f09b064bd497d78ed78325bf2 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1.diff.gz Size/MD5: 327550 fb5ecfb63933c5b6660f9a346c7de7de http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1.dsc Size/MD5: 1513 78d387edf237ca1466778a1b66c05237 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0.orig.tar.gz Size/MD5: 8457888 9ba05680b0719462f653e82720599f32 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_7.0-164+1ubuntu7.1_all.deb Size/MD5: 2038826 cc3d150bcc2c90fa4acfe447f0281e67 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gui-common_7.0-164+1ubuntu7.1_all.deb Size/MD5: 146232 01afd1afadfe6dffbfec8ae8024d1aec http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-runtime_7.0-164+1ubuntu7.1_all.deb Size/MD5: 5210482 a2fba347af1784e28cac97ce2d1c318f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 186350 10733a53c771b906488d68063069e031 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1081322 fbf8376b0d5423fbc1dec2f3ad1609e3 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1053616 97cd20b52b77d8350c12022acaa90ac7 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1051648 17e23584cd933340e161ca784d879025 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1054890 e1cc86bb423bec3cdb2f6f07abbb9378 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1051658 2842c1d1d0d616a851d3de3854daaf35 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 1046502 fccf926f9ea6004d55ecfd0033350e1d http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 986240 3287ec513a4432fbac94829dc75662b1 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 620004 0ea9ddc6989e5befbfe56add49aa8ef2 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_amd64.deb Size/MD5: 842858 c5a13be7b7948412d4539527912830e6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 186004 813981b88d1a3fd834ab61a7e9b62cad http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 956894 519b11b1043278a99925a8617c3c4b4a http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 929926 0b6953cf5fffa8d1a3fc52efc4809ae0 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 927328 744910078f736ec98af16ff12707ae95 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 933724 f7e3ec3c9142317ccbf45f5b5cedf623 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 927340 433b61f6f12991dff231979cdfe35539 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 922614 a69a3acb7d9d655ecc34533405684ce6 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 864820 e9e6afefcbff72683050009cdd5b4604 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 536588 7a8ba507ec45b8cf88846cf1cee976b7 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_i386.deb Size/MD5: 738414 0f9f2f016295070b690cd8eb50424839 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 186652 05c46a25795854ecc2be6eb1a11ae3c1 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1057630 9b4f3860c47eaff44cbb733aadc7f432 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1027652 30921c690da053b3e67c8e962d38a4a1 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1024594 b1504c555689c42448fa6be06c8467df http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1032266 fd1fa2bc784e9e5f74223022b72089ed http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1024608 e0f1f3ad64cc7c02cec3c96218d5845d http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 1020404 c99a2ebfa4ad71cc328a94ee49a9d775 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 960902 2e0e19934160b180e111a6abb248ec19 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 599418 d0972f552b046271c5e8095574d1558a http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_powerpc.deb Size/MD5: 818328 e8624ce31b467322d806c66a2641866a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 186226 790796fc0a379ee2df2448875115ff0d http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 986210 3f07afdd973033859d984e04df67aeaf http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 959346 ab9c58d62e86713678f498850a170689 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 957308 d8c50574d939909d567e56c7f003e906 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 963268 45fba6e895b4e317d1dcba3b7290b321 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 957332 0ff83426d34765aaf56fc779824bb91c http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 952732 99c8cba9cf132a4837163c5b23bba6d0 http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 892564 f46f2260b0779aa2085fc3f261067cbe http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 549282 3e9ad9b444643a02cbac5bb8480c1f52 http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_sparc.deb Size/MD5: 759048 c37bfefae4c53c31267ff26e01f5a859
Attachment:
signature.asc
Description: Digital signature