ALAS-2019-1239


Amazon Linux AMI Security Advisory: ALAS-2019-1239
Advisory Release Date: 2019-08-26 22:17 Pacific
Severity: Important
References: CVE-2019-12735 

Issue Overview:

It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735 )


Affected Packages:

vim


Issue Correction:
Run yum update 'vim*' to update your system.

New Packages:
i686:
    vim-filesystem-8.0.0503-1.46.amzn1.i686
    vim-enhanced-8.0.0503-1.46.amzn1.i686
    vim-common-8.0.0503-1.46.amzn1.i686
    vim-minimal-8.0.0503-1.46.amzn1.i686
    vim-debuginfo-8.0.0503-1.46.amzn1.i686

src:
    vim-8.0.0503-1.46.amzn1.src

x86_64:
    vim-debuginfo-8.0.0503-1.46.amzn1.x86_64
    vim-minimal-8.0.0503-1.46.amzn1.x86_64
    vim-common-8.0.0503-1.46.amzn1.x86_64
    vim-filesystem-8.0.0503-1.46.amzn1.x86_64
    vim-enhanced-8.0.0503-1.46.amzn1.x86_64