CentOS Errata and Security Advisory CESA-2008:0618-01
Vim (Visual editor IMproved) is an updated and improved version of the vi editor.
Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-November/027482.html
Affected packages: vim-X11, vim-common, vim-enhanced, vim-minimal
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html