vim security update

2008-11-25T23:40:39
ID CESA-2008:0618-01
Type centos
Reporter CentOS Project
Modified 2008-11-25T23:40:39

Description

CentOS Errata and Security Advisory CESA-2008:0618-01

Vim (Visual editor IMproved) is an updated and improved version of the vi editor.

Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)

Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)

All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-November/027482.html

Affected packages: vim-X11, vim-common, vim-enhanced, vim-minimal

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html