Fwd: RHN Errata Alert: Low: vim security update
Elan Ruusamäe
glen at delfi.ee
Mon Feb 21 01:43:00 CET 2005
PLD affected too
---------- Forwarded Message ----------
Subject: RHN Errata Alert: Low: vim security update
Security Advisory - RHSA-2005:122-04
-----------------------------------------------------------------------------
Summary:
Low: vim security update
Updated vim packages that fix a security vulnerability are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Description:
VIM (Vi IMproved) is an updated and improved version of the vi screen-based
editor.
The Debian Security Audit Project discovered an insecure temporary file
usage in VIM. A local user could overwrite or create files as a different
user who happens to run one of the the vulnerable utilities. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0069 to this issue.
All users of VIM are advised to upgrade to these erratum packages, which
contain a backported patche for this issue.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289560
-----------------------------------------------------------------------------
--
glen
More information about the pld-devel-en
mailing list