-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13 - - --------------------------------------------------------------------
PACKAGE : vim vim-core gvim SUMMARY : arbitrary code execution DATE : 2003-01-22 11:48 UTC EXPLOIT : remote - - -------------------------------------------------------------------- - From advisory: "Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them." Read the full advisory at http://www.guninski.com/vim1.html SOLUTION It is recommended that all Gentoo Linux users who are running affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows: emerge sync If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 : emerge -u vim-core If you are running app-editos/vim upgrade to vim-6.1-r19 : emerge -u vim If you are running app-editos/gvim upgrade to gvim-6.1-r6 : emerge -u gvim emerge clean - - -------------------------------------------------------------------- [EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz [EMAIL PROTECTED] - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+LoUAfT7nyhUpoZMRArcGAKCAVB+gvc8+iCjOFR/HYTOmqHdVLACeIoJ1 IKN3PiG5ilVLySKq2GKA4/k= =H+Dh -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
