Amazon Linux 1 Security Advisory: ALAS-2019-1239
Advisory Release Date: 2019-07-17 23:30 Pacific
Advisory Updated Date: 2019-08-26 22:17 Pacific
It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735)
Affected Packages:
vim
Issue Correction:
Run yum update 'vim*' to update your system.
i686:
vim-filesystem-8.0.0503-1.46.amzn1.i686
vim-enhanced-8.0.0503-1.46.amzn1.i686
vim-common-8.0.0503-1.46.amzn1.i686
vim-minimal-8.0.0503-1.46.amzn1.i686
vim-debuginfo-8.0.0503-1.46.amzn1.i686
src:
vim-8.0.0503-1.46.amzn1.src
x86_64:
vim-debuginfo-8.0.0503-1.46.amzn1.x86_64
vim-minimal-8.0.0503-1.46.amzn1.x86_64
vim-common-8.0.0503-1.46.amzn1.x86_64
vim-filesystem-8.0.0503-1.46.amzn1.x86_64
vim-enhanced-8.0.0503-1.46.amzn1.x86_64