Security Advisory Details

NS-SA-2023-0068

2023-05-26 13:38:39

Summary

important: gettext/vim security update

Severity

important

Topic

An update for gettext/vim is now available for NewStart CGSL MAIN 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

gettext: This package contains all development-related files necessary for developing or compiling applications and libraries that need internationalization capability. You also need this package if you want to add gettext support to your project.
vim: VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-minimal package includes a minimal version of VIM, which is installed into /bin/vi for use when only the root partition is present. NOTE: The online help is only available when the vim-common package is installed.


Security Fix(es):
gettext: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751)
gettext: bugfix
vim: It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Until the fixed vim packages are installed, the exposure can be removed by disabling modelines (`set nomodeline` in the system vimrc).
vim: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F49B5.

Affected Components

  • gettext
  • vim

Affected Products

  • CGSL MAIN 5.04

Update Packages

CGSL MAIN 5.04

gettext (source: gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.src.rpm)

  • gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm
  • gettext-common-devel-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.noarch.rpm
  • gettext-devel-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm
  • gettext-libs-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm
  • gettext-debuginfo-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm
  • emacs-gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.noarch.rpm

vim (source: vim-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.src.rpm)

  • vim-common-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
  • vim-enhanced-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
  • vim-minimal-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
  • vim-X11-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
  • vim-filesystem-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
  • vim-debuginfo-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm
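The practical question an administrator has for this advisory is whether a given host still runs a build older than the ones listed above. The script below is an added example, not part of the advisory or of NewStart's tooling: it reads the advisory's update-package JSON, parses the NAME-VERSION-RELEASE.ARCH of each fixed binary RPM, and compares it against `rpm -qa` output using a reimplementation of rpm's rpmvercmp() ordering (tilde handled, caret not implemented). It assumes the default `rpm -qa` format, which omits the epoch, and that the fixed build shares the installed package's epoch, so only version and release are compared. The `rpm -qa` excerpt embedded for the demonstration is constructed (the `.g1234567` and `.gabcdef0` builds are invented), and the file name `check_ns_sa_2023_0068.py` in the usage comment is ours.

```python
"""Check installed gettext/vim RPMs against the fixed builds in NS-SA-2023-0068.
Added example, not code from the advisory.  Assumes default `rpm -qa` output
(NAME-VERSION-RELEASE.ARCH, epoch not shown) and that the fixed build has the
same epoch as the installed one, so only version and release are compared."""
import itertools
import json
import re
import sys

# Fixed packages, copied from the advisory's update-package JSON.
ADVISORY_FIX = json.loads("""
{"fix": [{"product": "CGSL MAIN 5.04", "pkgs": [
  {"binary": ["gettext-devel-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm",
              "gettext-libs-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm",
              "emacs-gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.noarch.rpm",
              "gettext-debuginfo-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm",
              "gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64.rpm",
              "gettext-common-devel-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.noarch.rpm"],
   "source": "gettext-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.src.rpm"},
  {"binary": ["vim-common-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm",
              "vim-X11-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm",
              "vim-filesystem-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm",
              "vim-minimal-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm",
              "vim-enhanced-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm",
              "vim-debuginfo-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64.rpm"],
   "source": "vim-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.src.rpm"}]}]}
""")

# Constructed `rpm -qa` excerpt; the .g1234567 and .gabcdef0 builds are invented.
SAMPLE_RPM_QA = """
vim-minimal-7.4.160-6.el7_6.cgslv5_4.0.1.g1234567.x86_64
vim-common-7.4.160-6.el7_6.cgslv5_4.0.2.gfd70d03.x86_64
gettext-0.19.8.1-2.el7.x86_64
gettext-libs-0.19.8.1-3.el7.cgslv5_4.0.1.gdf652da.x86_64
gettext-devel-0.19.8.1-3.el7.cgslv5_4.0.2.gabcdef0.x86_64
bash-4.2.46-34.el7.x86_64
"""

NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")
SEG_RE = re.compile(r"~|[0-9]+|[A-Za-z]+")


def parse_nvra(s):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if s.endswith(".rpm"):
        s = s[:-4]
    m = NVRA_RE.match(s)
    if not m:
        raise ValueError(f"not NAME-VERSION-RELEASE.ARCH: {s!r}")
    return m.group("name", "version", "release", "arch")


def rpmvercmp(a, b):
    """rpm's rpmvercmp() ordering, returning -1/0/1: split into digit runs, letter
    runs and '~', ignore separators; digit runs compare numerically and beat letter
    runs; '~' sorts below everything, even end of string (1.0~rc1 < 1.0).  No '^'."""
    for x, y in itertools.zip_longest(SEG_RE.findall(a), SEG_RE.findall(b)):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:  # a ran out of segments first: it is older
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0


def audit(installed_lines, fix_json=ADVISORY_FIX):
    """Map each installed package the advisory ships to 'fixed'/'vulnerable';
    uncovered packages and non-NVRA lines (e.g. gpg-pubkey) are skipped."""
    fixed = {}
    for product in fix_json["fix"]:
        for pkg in product["pkgs"]:
            for rpm_name in pkg["binary"]:
                name, ver, rel, arch = parse_nvra(rpm_name)
                fixed[(name, arch)] = (ver, rel)
    status = {}
    for line in installed_lines:
        try:
            name, ver, rel, arch = parse_nvra(line.strip())
        except ValueError:
            continue
        if (name, arch) in fixed:
            fver, frel = fixed[(name, arch)]
            # version decides; release is consulted only when versions tie
            older = (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0
            status[line.strip()] = "vulnerable" if older else "fixed"
    return status


if __name__ == "__main__":
    # On a real host:  rpm -qa | python3 check_ns_sa_2023_0068.py  (our file name)
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_RPM_QA.splitlines()
    for pkg, state in sorted(audit(src).items()):
        print(f"{state:10s} {pkg}")
```

Run without input it reports on the constructed sample; piped `rpm -qa` output audits the host. A package at exactly the advisory build or at a later NewStart build is reported as fixed, a stock el7 build or an earlier cgslv5 build as vulnerable. If you adapt this to compare packages whose epoch may differ (vim in el7 carries an epoch), query with `rpm -qa --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` and compare the epoch first; this script deliberately does not.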

CVE

  • CVE-2018-18751
  • CVE-2019-12735

References