[Frugalware-security] [ FSA-236 ] vim

vmiklos noreply at frugalware.org
Fri Aug 3 09:54:39 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-236

Date: 2007-08-03
Package: vim
Vulnerable versions: <= 7.0-4terminus1
Unaffected versions: >= 7.0-4terminus2
Related bugreport: http://bugs.frugalware.org/task/2292
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953

Description
===========

Secunia Research has discovered a vulnerability in Vim, which can be exploited by malicious people to compromise a vulnerable system.
A format string error in the &quot;helptags_one()&quot; function in src/ex_cmds.c when running the &quot;helptags&quot; command can be exploited to execute arbitrary code via specially crafted help files.
Successful exploitation requires that the user is tricked into running &quot;helptags&quot; on malicious data.

Updated Packages
================

Check if you have vim installed:

	# pacman-g2 -Q vim

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy vim

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGst8/Z7NElSD1VhkRAvqxAKCi9ORpl7memb6C+idVEqj+MtGhGQCfccu1
AY+B+cnCFqkM+wbguTpE7Wo=
=iT0T
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list