From aliz@gentoo.org Wed Jan 22 13:28:36 2003 From: Daniel Ahlberg To: full-disclosure@lists.netsys.com Date: Wed, 22 Jan 2003 12:48:26 +0100 Subject: [Full-Disclosure] GLSA: vim vim-core gvim -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13 - - -------------------------------------------------------------------- PACKAGE : vim vim-core gvim SUMMARY : arbitrary code execution DATE : 2003-01-22 11:48 UTC EXPLOIT : remote - - -------------------------------------------------------------------- - From advisory: "Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them." Read the full advisory at http://www.guninski.com/vim1.html SOLUTION It is recommended that all Gentoo Linux users who are running affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows: emerge sync If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 : emerge -u vim-core If you are running app-editos/vim upgrade to vim-6.1-r19 : emerge -u vim If you are running app-editos/gvim upgrade to gvim-6.1-r6 : emerge -u gvim emerge clean - - -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz rphillips@gentoo.org - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+LoUAfT7nyhUpoZMRArcGAKCAVB+gvc8+iCjOFR/HYTOmqHdVLACeIoJ1 IKN3PiG5ilVLySKq2GKA4/k= =H+Dh -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html