Security Advisory Details

NS-SA-2021-0074

2021-03-09 14:30:32

Summary

moderate: gnutls/vim security update

Severity

moderate

Topic

An update for gnutls/vim is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

gnutls: This package provides debug information for package gnutls. Debug information is useful when developing applications that use this package or when debugging this package.
vim: This package provides debug information for package vim. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
gnutls: A flaw was found in GnuTLS, where the server can trigger a heap buffer overflow in the client if a no_renegotiation alert is sent at an unexpected time. This flaw allows the client to crash at session deinitialization. The highest threat from this vulnerability is to system availability. (CVE-2020-24659)
gnutls: bugfix
vim: A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. Interfaces such as Python, Ruby, and Lua are also disabled, as they can be used to execute shell commands. Perl uses the Safe module. (CVE-2019-20807)
vim: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.50B5.

Affected Components

  • gnutls
  • vim

Affected Products

  • CGSL MAIN 6.02

Updated Packages

Product: CGSL MAIN 6.02

Source: gnutls-3.6.14-7.el8_3.src.rpm

  • gnutls-debuginfo-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-utils-debuginfo-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-c++-debuginfo-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-dane-debuginfo-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-debugsource-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-c++-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-dane-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-devel-3.6.14-7.el8_3.x86_64.rpm
  • gnutls-utils-3.6.14-7.el8_3.x86_64.rpm

Source: vim-8.0.1763-15.el8.src.rpm

  • vim-debuginfo-8.0.1763-15.el8.x86_64.rpm
  • vim-debugsource-8.0.1763-15.el8.x86_64.rpm
  • vim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm
  • vim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm
  • vim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm
  • vim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm
  • vim-minimal-8.0.1763-15.el8.x86_64.rpm
  • vim-enhanced-8.0.1763-15.el8.x86_64.rpm
  • vim-common-8.0.1763-15.el8.x86_64.rpm
  • vim-X11-8.0.1763-15.el8.x86_64.rpm
  • vim-filesystem-8.0.1763-15.el8.noarch.rpm

CVE

References