Gentoo: vim command execution vulnerability
Summary
- - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13 - - -------------------------------------------------------------------- DATE : 2003-01-22 11:48 UTC
- - --------------------------------------------------------------------
- From advisory:
"Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them."
Read the full advisory at /vim1.html
SOLUTION
It is recommended that all Gentoo Linux users who are running affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:
emerge sync
If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :
emerge -u vim-core
If you are running app-editos/vim upgrade to vim-6.1-r19 :
emerge -u vim
If you are running app-editos/gvim upgrade to gvim-6.1-r6 :
emerge -u gvim
emerge clean
- - -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at rphillips@gentoo.org - - --------------------------------------------------------------------