
RE: [SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities



Dear Dann,

I am just a beginner in Linux, but have some
knowledge that is a few years old, because in daily business
I have to administrate a W2k3 domain, but want to
broaden my horizons.

There, we also have 2 vmware esx servers, running
round about 23 virtual machines on them, so that I
have some basic knowledge in configuring vmware.

Now, I have been installing a Debian GNU/Linux server
in my private environment [this is strictly separated
from our business environment] because since we use
DSL [similar to T1 in the USA], we've had several serious
security problems like rootkits, worms and other ugly
stuff, and I'm more and more getting tired of this.

Therefore, because I want to use WXP further on [I've
been investing in several WIN applications like a tax
declaration program, for getting too much paid taxes
back from the state, etc.] I intend to run a WIN XP
machine in a vmware server environment, for
encapsulating it from security aspects as well as
possible.

My experience in the last 15 years comparing WIN with
UNIX/Linux environments is that the latter are
running much more stable and possibly more secure [I
hope this does not change in the following years],
therefore my colleagues and I prefer more and more the
non-Windows environment; this is also the reason to
convert in my private sphere too.

So much to introduce and to ease your imagination for
the main problem I have at the moment:

Trying for several weeks to get the vmware server 1.0.3
running, I've been not really successful, so I hope
you can give some support to me in this matter.

1.  I have a DVD with vmware-server 1.0.3 and Debian
    GNU Linux on it; the Linux is running round about 4 weeks.
2.  There is also an installation instruction [LINUX
    PC-Welt 4/2007] with a description of installing vmware
    on Ubuntu, but not exactly for Debian.
3.  Can you please give me a step-by-step howto [a link]
    for exactly installing and running [getting started]
    vmware in the described way?
4.  Should vmware be found under
    Anwendungen\-->\-->\?

In advance, thank you very much for your support. If
you need any advice in any matter, I can help you or
anyone else, let me know.







--- dann frazier <dannf@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1364-2                    security@debian.org
> http://www.debian.org/security/                               dann frazier
> September 19th, 2007                    http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : vim
> Vulnerability  : several
> Problem-Type   : local(remote)
> Debian-specific: no
> CVE ID         : CVE-2007-2438 CVE-2007-2953
>
> Several vulnerabilities have been discovered in the vim editor. The Common
> Vulnerabilities and Exposures project identifies the following problems:
>
> CVE-2007-2953
>
>     Ulf Harnhammar discovered that a format string flaw in helptags_one() from
>     src/ex_cmds.c (triggered through the "helptags" command) can lead to the
>     execution of arbitrary code.
>
> CVE-2007-2438
>
>     Editors often provide a way to embed editor configuration commands (aka
>     modelines) which are executed once a file is opened. Harmful commands
>     are filtered by a sandbox mechanism. It was discovered that function
>     calls to writefile(), feedkeys() and system() were not filtered, allowing
>     shell command execution with a carefully crafted file opened in vim.
>
> This updated advisory repairs issues with missing files in the packages
> for the oldstable distribution (sarge) for the alpha, mips, and mipsel
> architectures.
>
> For the oldstable distribution (sarge) these problems have been fixed in
> version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.
>
> For the stable distribution (etch) these problems have been fixed
> in version 7.0-122+1etch3.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 7.1-056+1.
>
> We recommend that you upgrade your vim packages.
>
>
> Upgrade Instructions
> - - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.1 alias sarge
> - - --------------------------------
>
=== message truncated ===



H. Finckh 
Wiesenstr. 8 
72172 Sulz a.N. 
h.finckh@yahoo.de

