NS-SA-2023-0098

简介

moderate: python-lxml/vim security update

严重级别

moderate

主题

An update for python-lxml/vim is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

python-lxml: lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go to the project home page < or see our bug tracker at case you want to use the current ... Python 3 version.
vim: VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. If you are installing vim-enhanced or vim-X11, you'll also need to install the vim-common package.


Security Fix(es):
python-lxml: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can occur because the HTML Cleaner did not remove scripts within SVG images in data URLs such as . XSS can result in impacts to the integrity and availability of the web page, as well as a potential impact to data confidentiality in some circumstances.(CVE-2021-43818)
python-lxml: bugfix
vim: A flaw was found in vim. The vulnerability occurs due to illegal memory access when copying lines in visual mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-0361)
vim: A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.(CVE-2022-1154)
vim: A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-1927)
vim: A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability.(CVE-2021-4019)
vim: A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability.(CVE-2021-3984)
vim: A flaw was found in vim. The vulnerability occurs due to illegal memory access with bracketed paste in Ex mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-0392)
vim: A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vim_strncpy find_word function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim.(CVE-2022-1621)
vim: A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-0413)
vim: A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution.(CVE-2022-0261)
vim: A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-1897)
vim: It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors.(CVE-2021-4192)
vim: A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large 'tabstop' in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-0359)
vim: A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-1785)
vim: A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3796)
vim: An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.(CVE-2021-3872)
vim: A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.(CVE-2022-0318)
vim: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3778)
vim: A flaw was found in vim, where it is vulnerable to a buffer over-read in the find_next_quote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim.(CVE-2022-1629)
vim: It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory.(CVE-2021-4193)
vim: A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. Interfaces such as Python, Ruby, and Lua, are also disabled, as they can be used to execute shell commands. Perl uses the Safe module.(CVE-2019-20807)
vim: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.02B5.

影响组件

• python-lxml
• vim

影响产品

• CGSL MAIN 6.06

更新包

CVE

• CVE-2021-43818
• CVE-2022-0361
• CVE-2022-1154
• CVE-2022-1927
• CVE-2021-4019
• CVE-2021-3984
• CVE-2022-0392
• CVE-2022-1621
• CVE-2022-0413
• CVE-2022-0261
• CVE-2022-1897
• CVE-2021-4192
• CVE-2022-0359
• CVE-2022-1785
• CVE-2021-3796
• CVE-2021-3872
• CVE-2022-0318
• CVE-2021-3778
• CVE-2022-1629
• CVE-2021-4193
• CVE-2019-20807

参考

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43818
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0361
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1154
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0392
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1621
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0413
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0261
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1897
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4192
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0359
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1785
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3796
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3872
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0318
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3778
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1629
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4193
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20807