- Issued: 2003-02-06
- Updated: 2003-02-05
RHSA-2002:302 - Security Advisory
Synopsis
vim security update
Type/Severity
Security Advisory: Important
Topic
Updated VIM packages are available for Red Hat Linux Advanced Server.
These updates resolve a security issue when opening a specially-crafted text
file.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1
Description
VIM (VIsual editor iMproved) is a version of the vi editor.
VIM allows a user to set the modeline differently for each edited text
file by placing special comments in the files. Georgi Guninski found that
these comments can be carefully crafted in order to call external programs.
This could allow an attacker to create a text file such that when it is
opened arbitrary commands are executed.
Users of VIM are advised to upgrade to these errata packages which have
been patched to disable the usage of dangerous functions in modelines.
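The following modeline audit is an added example, not part of the original advisory or of Red Hat's or VIM's code. It lists modeline settings found in the first and last lines of a file that fall outside an allowlist, so files can be reviewed before they are opened in an unpatched editor. The allowlist contents, the function names and the sample strings are assumptions made for illustration.

```python
import re
import sys

DEFAULT_MODELINES = 5  # Vim's default for the 'modelines' option

# Assumption: a site-chosen allowlist of layout-only options (adjust locally).
ALLOWED = {"ts", "tabstop", "sw", "shiftwidth", "sts", "softtabstop",
           "et", "expandtab", "tw", "textwidth", "ai", "autoindent",
           "ft", "filetype", "syn", "syntax", "ff", "fileformat", "wrap"}

# Marker must start the line or follow whitespace: vi:, vim:, vimNNN:, ex:
MARKER = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")

def parse_options(body):
    """Split the text after the marker into individual option settings."""
    m = re.match(r"(?:se|set|setlocal)\s+(.*)$", body)
    if m:  # "set" form: options end at the first unescaped ':'
        return re.split(r"(?<!\\):", m.group(1), maxsplit=1)[0].split()
    # plain form: options separated by whitespace or unescaped ':'
    return [p for p in re.split(r"(?<!\\)[:\s]+", body) if p]

def audit_text(text, modelines=DEFAULT_MODELINES):
    """Return (line_number, setting) for every setting outside ALLOWED."""
    lines = text.splitlines()
    n = len(lines)
    # Vim only inspects the first and last 'modelines' lines of a file.
    window = sorted(set(range(min(modelines, n))) |
                    set(range(max(0, n - modelines), n)))
    findings = []
    for i in window:
        m = MARKER.search(lines[i])
        if not m:
            continue
        for setting in parse_options(m.group(1)):
            name = re.match(r"[A-Za-z]*", setting).group(0)
            if name.startswith("no") and name[2:] in ALLOWED:
                name = name[2:]  # boolean switched off, e.g. "noet"
            if name not in ALLOWED:
                findings.append((i + 1, setting))
    return findings

# Constructed samples; "exampleopt" is a placeholder, not a real Vim option.
SAMPLE_OK = "# notes\n# vim: set ts=4 sw=4 noet:\nbody\n"
SAMPLE_REVIEW = "one\ntwo\n/* vim: set ts=8 exampleopt=PLACEHOLDER: */\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            for lineno, setting in audit_text(fh.read()):
                print(f"{path}:{lineno}: review modeline setting {setting!r}")
```

Run it with one or more file paths as arguments; each reported line is a setting to inspect by hand before the file is opened.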
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Workstation 2 ia64
Fixes
(none)
CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.