Advisory: CLSA-2023:1695320045
OS: Ubuntu 16.04 ELS
Public date: 2023-09-21 14:14:07
Project: vim
Version: 3:7.4.1689-3ubuntu1.5+tuxcare.els46
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2023-1695320045.html
* SECURITY UPDATE: An executable file with a well-known name such as zip, gzip, and so on can be started from the current directory when a plugin opens a file that has one of the extensions .zip, .gzip, .rb, etc. This issue applies only if the PATH environment variable has ./ (dot) as one element in the path list
  - debian/patches/CVE-2023-4736.patch: avoid starting an executable from the current directory for some plugins
  - CVE-2023-4736
Update command:
    apt-get update
    apt-get --only-upgrade install vim*
vim_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-common_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els46_all.deb
vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els46_all.deb
vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els46_all.deb
vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els46_amd64.deb
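
The advisory says the issue applies only when PATH contains ./ (dot) as an element. The check below is an added example, not part of the advisory or of the vim package; the function names path_cwd_entries and path_is_safe are hypothetical. It goes slightly beyond the advisory's wording by also flagging empty and other relative PATH entries, which the shell likewise resolves against the current directory.

```sh
#!/bin/sh
# Added example: find PATH entries that make the shell look for
# commands in the current working directory.

# path_cwd_entries PATHSTRING
# Prints one line per entry that is not an absolute path:
#   "." or "./"      explicit current directory (the case in the advisory)
#   "(empty)"        empty element, e.g. a leading, trailing or double colon
#   anything else    relative directory, resolved against the current directory
path_cwd_entries() {
    rest="$1:"                  # sentinel colon so the last entry is processed
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first colon
        rest=${rest#*:}         # drop that entry and its colon
        case $entry in
            '')  printf '%s\n' '(empty)' ;;
            /*)  ;;             # absolute path: not affected
            *)   printf '%s\n' "$entry" ;;
        esac
    done
}

# path_is_safe PATHSTRING
# Returns 0 when no entry resolves to the current directory, 1 otherwise.
path_is_safe() {
    [ -z "$(path_cwd_entries "$1")" ]
}

# Check the PATH of the session this script runs in.
if path_is_safe "$PATH"; then
    echo "PATH has no current-directory entries"
else
    echo "PATH entries that resolve to the current directory:"
    path_cwd_entries "$PATH"
fi
```

Run it in the same environment (user, shell profile, service unit) from which vim is started, since PATH differs between sessions.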