VIM ModeLines Arbitrary Command Execution Vulnerability
Gentoo Linux has released an advisory. Users who have installed app-editos/vim-core, app-editos/vim, or app-editos/gvim are advised to upgrade their systems by issuing the following commands:
emerge -u vim-core
emerge -u vim
emerge -u gvim
Mandrake has released an advisory (MDKSA-2003:012) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.
Sun Microsystems has made fixes available for this issue.
Conectiva has released advisory CLA-2004:812 with fixes to address this issue.
SCO OpenLinux has released advisory CSSA-2004-015.0 and fixes dealing with this issue.
The following fixes are available:
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
VIM Development Group VIM 5.7
VIM Development Group VIM 6.0
VIM Development Group VIM 6.1
VIM Development Group VIM 6.2