Ubuntu Security Notice USN-52-1
23rd December, 2004
vim vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Ciaran McCreesh found several vulnerabilities related to the use of
options in Vim modeline commands, such as 'termcap', 'printdevice',
'titleold', 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode',
and 'langmenu'.
If an attacker tricked an user to open a file with a specially crafted
modeline, he could exploit this to execute arbitrary commands with the
user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- vim-tcl
- vim-gnome
- vim-lesstif
- vim-gtk
- kvim
- vim
- vim-python
- vim-perl
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None