| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: aliz at gentoo.org (Daniel Ahlberg)
Subject: GLSA: vim vim-core gvim
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13
- - --------------------------------------------------------------------
PACKAGE : vim vim-core gvim
SUMMARY : arbitrary code execution
DATE : 2003-01-22 11:48 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
- From advisory:
"Opening a specially crafted text file with vim can execute arbitrary shell
commands and pass parameters to them."
Read the full advisory at
http://www.guninski.com/vim1.html
SOLUTION
It is recommended that all Gentoo Linux users who are running
affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:
emerge sync
If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :
emerge -u vim-core
If you are running app-editos/vim upgrade to vim-6.1-r19 :
emerge -u vim
If you are running app-editos/gvim upgrade to gvim-6.1-r6 :
emerge -u gvim
emerge clean
- - --------------------------------------------------------------------
aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz
rphillips@...too.org
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+LoUAfT7nyhUpoZMRArcGAKCAVB+gvc8+iCjOFR/HYTOmqHdVLACeIoJ1
IKN3PiG5ilVLySKq2GKA4/k=
=H+Dh
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists