vim security update

2008-11-2523:40:39

CentOS Project

lists.centos.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.2%

JSON

CentOS Errata and Security Advisory CESA-2008:0618-01

Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim’s keyword and tag
handling. If Vim looked up a document’s maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-November/077606.html

Affected packages:
vim-X11
vim-common
vim-enhanced
vim-minimal

OSVersionArchitecturePackageVersionFilename
CentOS2i386vim-common< 6.0-7.25vim-common-6.0-7.25.i386.rpm
CentOS2i386vim-enhanced< 6.0-7.25vim-enhanced-6.0-7.25.i386.rpm
CentOS2i386vim-minimal< 6.0-7.25vim-minimal-6.0-7.25.i386.rpm
CentOS2i386vim-x11< 6.0-7.25vim-X11-6.0-7.25.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	2	i386	vim-common	< 6.0-7.25	vim-common-6.0-7.25.i386.rpm
CentOS	2	i386	vim-enhanced	< 6.0-7.25	vim-enhanced-6.0-7.25.i386.rpm
CentOS	2	i386	vim-minimal	< 6.0-7.25	vim-minimal-6.0-7.25.i386.rpm
CentOS	2	i386	vim-x11	< 6.0-7.25	vim-X11-6.0-7.25.i386.rpm