moderate: gnutls/vim security update
An update for gnutls/vim is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
gnutls: This package provides debug information for package gnutls. Debug information is useful when developing applications that use this package or when debugging this package.
vim: This package provides debug information for package vim. Debug information is useful when developing applications that use this package or when debugging this package.
gnutls: A flaw was found in GnuTLS in which the server can trigger a heap buffer overflow in the client by sending a no_renegotiation alert at an unexpected time. This flaw allows the client to crash at session deinitialization. The highest threat from this vulnerability is to system availability. (CVE-2020-24659)
vim: A flaw was found in vim's restricted mode, in which all commands that make use of external shells are disabled. Users could nevertheless still execute some arbitrary OS commands in restricted mode. This flaw was fixed by filtering the functions that can call OS commands. Interfaces such as Python, Ruby, and Lua are also disabled, as they can be used to execute shell commands. Perl uses the Safe module. (CVE-2019-20807)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Remember the build tag is 6.02.50B5.