Ubuntu Security Notice USN-61-1
18th January, 2005
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Javier Fern�ez-Sanguino Pe�oticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- vim-tcl
- vim-gnome
- vim-lesstif
- vim-gtk
- kvim
- vim
- vim-python
- vim-perl
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None