Amazon Linux 2 Security Advisory: ALAS-2019-1239
Advisory Release Date: 2019-08-07 23:39 Pacific
Advisory Updated Date: 2019-08-27 21:14 Pacific
Severity:
Important
Issue Overview:
It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735)
Affected Packages:
vim
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update 'vim*' to update your system.
New Packages:
aarch64:
vim-common-8.1.1602-1.amzn2.aarch64
vim-minimal-8.1.1602-1.amzn2.aarch64
vim-enhanced-8.1.1602-1.amzn2.aarch64
vim-X11-8.1.1602-1.amzn2.aarch64
vim-debuginfo-8.1.1602-1.amzn2.aarch64
i686:
vim-common-8.1.1602-1.amzn2.i686
vim-minimal-8.1.1602-1.amzn2.i686
vim-enhanced-8.1.1602-1.amzn2.i686
vim-X11-8.1.1602-1.amzn2.i686
vim-debuginfo-8.1.1602-1.amzn2.i686
noarch:
vim-filesystem-8.1.1602-1.amzn2.noarch
src:
vim-8.1.1602-1.amzn2.src
x86_64:
vim-common-8.1.1602-1.amzn2.x86_64
vim-minimal-8.1.1602-1.amzn2.x86_64
vim-enhanced-8.1.1602-1.amzn2.x86_64
vim-X11-8.1.1602-1.amzn2.x86_64
vim-debuginfo-8.1.1602-1.amzn2.x86_64