pjp Administrator
Joined: 16 Apr 2002 Posts: 20499
|
Posted: Thu Jan 23, 2003 3:34 pm Post subject: [gentoo-security] GLSA: vim vim-core gvim |
|
|
Daniel Ahlberg wrote: | - - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13
- - --------------------------------------------------------------------
PACKAGE : vim vim-core gvim
SUMMARY : arbitrary code execution
DATE : 2003-01-22 11:48 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
- From advisory:
"Opening a specially crafted text file with vim can execute arbitrary shell
commands and pass parameters to them."
Read the full advisory at
http://www.guninski.com/vim1.html
SOLUTION
It is recommended that all Gentoo Linux users who are running
affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:
emerge sync
If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :
emerge -u vim-core
If you are running app-editos/vim upgrade to vim-6.1-r19 :
emerge -u vim
If you are running app-editos/gvim upgrade to gvim-6.1-r6 :
emerge -u gvim
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
rphillips@gentoo.org
- - -------------------------------------------------------------------- |
Mailing List Archive: Unavailable _________________ Quis separabit? Quo animo? |
|