Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201707-19 ========================================= Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ====== The package gvim before version 8.0.0722-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 8.0.0722-1. # pacman -Syu "gvim>=8.0.0722-1" The problem has been fixed upstream in version 8.0.0722. Workaround ========= None. Description ========== Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. Impact ===== An attacker is able to execute arbitrary code by tricking a user to locally execute a specially crafted vim source file. References ========= https://bugs.archlinux.org/task/54773 https://bugzilla.redhat.com/show_bug.cgi?id=1468492 https://security.archlinux.org/CVE-2017-11109