[USN-463-1] vim vulnerability

[Kees Cook <kees@xxxxxxxxxx>]

=========================================================== 
Ubuntu Security Notice USN-463-1               May 22, 2007
vim vulnerability
CVE-2007-2438
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  vim                                      1:7.0-035+1ubuntu5.1

Ubuntu 7.04:
  vim                                      1:7.0-164+1ubuntu7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tomas Golembiovsky discovered that some vim commands were accidentally
allowed in modelines.  By tricking a user into opening a specially
crafted file in vim, an attacker could execute arbitrary code with user
privileges.


Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1.diff.gz
      Size/MD5:   181454 08ac392fc206986410fd9d4dc56997aa
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1.dsc
      Size/MD5:     1368 fe5f29c40bf6fdb971527fe51907f8af
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0.orig.tar.gz
      Size/MD5:  8457888 9ba05680b0719462f653e82720599f32

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_7.0-035+1ubuntu5.1_all.deb
      Size/MD5:  2033116 c29be2f445dc8bf3c7b2bdc493eead25
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gui-common_7.0-035+1ubuntu5.1_all.deb
      Size/MD5:    88332 59af9db08d1b26342da87d9189672743
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-runtime_7.0-035+1ubuntu5.1_all.deb
      Size/MD5:  6336752 4ee18dda53354017e036b3dabeecf3ae

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:   192632 7e4a9e7ef9379252d5f2f4e08f833e1f
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1059324 862f440407e6a3a2df2edd6c9c7e8dc4
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1031686 dd2c1eaaeac39222c772853d254edea5
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1029642 d777de21c76929fdaa73397f24968130
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1033064 717a149681c22512fadb22999ce71e65
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1029660 58b84cb5cbd9e83ab237812fff422a4e
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:  1024794 ded136c8dcd05f371014773b225e486b
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:   982170 35d329de289b8627529de2d7ce6db667
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:   617358 5e1f3cf593d6706cea6401a266910504
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_amd64.deb
      Size/MD5:   838542 25a6a23ca81ab6751b537b4d85fd6960

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   192334 b7665fc338fd6ebcaf1267fc239f5eb8
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   935750 9173f4537c06507de53b8dbced92d515
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   909532 28100d893e7f93e7885f6c70ccef991d
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   906786 ab69618511120f46359b75c96c29cc30
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   913134 87848f884d7a7fc5bef0db165a088405
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   906798 c391697fdc923ef08f8652d1992cecd0
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   901710 872487b187f717e99b48d4554c7f67f5
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   862220 1a9c312403e1d88b231a96fd5adf3561
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   534516 5e5cd699a8e42850889189c6fb6571e5
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_i386.deb
      Size/MD5:   735654 f9b7a52555881136c4216c635ddf0cb9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   192686 3815c57ab177cd3f522855caf2d04a7c
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:  1024590 2da6912ccc3649e9448bcdd22e4b6cbb
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   996270 cf874c5ac104441b14f571371ea6da7f
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   993932 e8c9160fca40ccf73db8cd6390fff9b7
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   999518 e13bf054daf8ad7049206aeab8ca6cbe
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   993946 3b384e0e9660a7e36a21f66be83b3cdd
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   989276 cc2d1069527f0c0946c2068be51d275f
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   947820 3eea24801ac7fea1861196d84e37a8a9
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   594840 f46bc8af95e8f8ad56c00b92691a5642
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_powerpc.deb
      Size/MD5:   812510 33ed8a3ddd1d85a75cde631ad18c0cb6

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   192452 c05ff0b18463155208fa6ed74198e4ab
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   960468 4a031c66001d2f96e3cd8f8572723df2
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   933874 916b78d160737ac22f61e156c81443a2
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   931932 233d1a1823e6fc0f2a41cfe57cfdfff5
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   937520 a1b926aaa056c2acf99eedc0de408931
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   931940 f59ebb0ad0afc2703d41b0292fadf535
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   927348 c776a41a98bfe7389b0694108dc89d62
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   885156 0260a322a095badc5457e6e6062e5b1f
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   546380 8c635c0f603795034ab6636d6209d099
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-035+1ubuntu5.1_sparc.deb
      Size/MD5:   755594 4d636d2f09b064bd497d78ed78325bf2

Updated packages for Ubuntu 7.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1.diff.gz
      Size/MD5:   327550 fb5ecfb63933c5b6660f9a346c7de7de
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1.dsc
      Size/MD5:     1513 78d387edf237ca1466778a1b66c05237
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0.orig.tar.gz
      Size/MD5:  8457888 9ba05680b0719462f653e82720599f32

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_7.0-164+1ubuntu7.1_all.deb
      Size/MD5:  2038826 cc3d150bcc2c90fa4acfe447f0281e67
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gui-common_7.0-164+1ubuntu7.1_all.deb
      Size/MD5:   146232 01afd1afadfe6dffbfec8ae8024d1aec
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-runtime_7.0-164+1ubuntu7.1_all.deb
      Size/MD5:  5210482 a2fba347af1784e28cac97ce2d1c318f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:   186350 10733a53c771b906488d68063069e031
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1081322 fbf8376b0d5423fbc1dec2f3ad1609e3
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1053616 97cd20b52b77d8350c12022acaa90ac7
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1051648 17e23584cd933340e161ca784d879025
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1054890 e1cc86bb423bec3cdb2f6f07abbb9378
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1051658 2842c1d1d0d616a851d3de3854daaf35
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:  1046502 fccf926f9ea6004d55ecfd0033350e1d
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:   986240 3287ec513a4432fbac94829dc75662b1
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:   620004 0ea9ddc6989e5befbfe56add49aa8ef2
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_amd64.deb
      Size/MD5:   842858 c5a13be7b7948412d4539527912830e6

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   186004 813981b88d1a3fd834ab61a7e9b62cad
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   956894 519b11b1043278a99925a8617c3c4b4a
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   929926 0b6953cf5fffa8d1a3fc52efc4809ae0
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   927328 744910078f736ec98af16ff12707ae95
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   933724 f7e3ec3c9142317ccbf45f5b5cedf623
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   927340 433b61f6f12991dff231979cdfe35539
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   922614 a69a3acb7d9d655ecc34533405684ce6
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   864820 e9e6afefcbff72683050009cdd5b4604
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   536588 7a8ba507ec45b8cf88846cf1cee976b7
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_i386.deb
      Size/MD5:   738414 0f9f2f016295070b690cd8eb50424839

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:   186652 05c46a25795854ecc2be6eb1a11ae3c1
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1057630 9b4f3860c47eaff44cbb733aadc7f432
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1027652 30921c690da053b3e67c8e962d38a4a1
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1024594 b1504c555689c42448fa6be06c8467df
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1032266 fd1fa2bc784e9e5f74223022b72089ed
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1024608 e0f1f3ad64cc7c02cec3c96218d5845d
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:  1020404 c99a2ebfa4ad71cc328a94ee49a9d775
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:   960902 2e0e19934160b180e111a6abb248ec19
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:   599418 d0972f552b046271c5e8095574d1558a
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_powerpc.deb
      Size/MD5:   818328 e8624ce31b467322d806c66a2641866a

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   186226 790796fc0a379ee2df2448875115ff0d
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-full_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   986210 3f07afdd973033859d984e04df67aeaf
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   959346 ab9c58d62e86713678f498850a170689
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   957308 d8c50574d939909d567e56c7f003e906
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   963268 45fba6e895b4e317d1dcba3b7290b321
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   957332 0ff83426d34765aaf56fc779824bb91c
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-ruby_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   952732 99c8cba9cf132a4837163c5b23bba6d0
    
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   892564 f46f2260b0779aa2085fc3f261067cbe
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   549282 3e9ad9b444643a02cbac5bb8480c1f52
    
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_7.0-164+1ubuntu7.1_sparc.deb
      Size/MD5:   759048 c37bfefae4c53c31267ff26e01f5a859

Attachment: signature.asc
Description: Digital signature