Debian Local Security Checks : Debian Security Advisory DSA 4487-1 (neovim

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.704487

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 4487-1 (neovim - security update)

Zusammenfassung: The remote host is missing an update for the 'neovim'; package(s) announced via the DSA-4487-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'neovim'
package(s) announced via the DSA-4487-1 advisory.

Vulnerability Insight:
User Arminius
discovered a vulnerability in Vim, an enhanced version of the
standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an
extensible editor focused on modern code and features:

Editors typically provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened, while harmful commands
are filtered by a sandbox mechanism. It was discovered that the source

command (used to include and execute another file) was not filtered, allowing
shell command execution with a carefully crafted file opened in Neovim.

Affected Software/OS:
'neovim' package(s) on Debian Linux.

Solution:
For the oldstable distribution (stretch), this problem has been fixed
in version 0.1.7-4+deb9u1.

We recommend that you upgrade your neovim packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-12735

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.704487
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 4487-1 (neovim - security update)
Zusammenfassung:	The remote host is missing an update for the 'neovim'; package(s) announced via the DSA-4487-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'neovim' package(s) announced via the DSA-4487-1 advisory. Vulnerability Insight: User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened, while harmful commands are filtered by a sandbox mechanism. It was discovered that the source command (used to include and execute another file) was not filtered, allowing shell command execution with a carefully crafted file opened in Neovim. Affected Software/OS: 'neovim' package(s) on Debian Linux. Solution: For the oldstable distribution (stretch), this problem has been fixed in version 0.1.7-4+deb9u1. We recommend that you upgrade your neovim packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12735
Copyright	Copyright (C) 2019 Greenbone Networks GmbH