Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
202
security advisorymoderatesecurity issueopenSUSE Leap gvim Security Notice Document openSUSE-SU-2026-10829-5
An update that solves 4 vulnerabilities can now be installed.. # gvim-9.2.0398-1.1 on GA media Announcement ID: openSUSE-SU-2026:10652-1 Rating: moderate Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 * CVE-2026-39881 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39881 ( SUSE ): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the gvim-9.2.0398-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * gvim 9.2.0398-1.1 * vim 9.2.0398-1.1 * vim-data 9.2.0398-1.1 * vim-data-common 9.2.0398-1.1 * vim-small 9.2.0398-1.1 * xxd 9.2.0398-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://www.suse.com/security/cve/CVE-2026-39881.html . New openSUSE gvim update addressing four security issues with moderate severity is now available for installation.. openSUSE gvim update security moderate threat CVE. . LinuxSecurity.com Team
May 01, 2026
OpenSUSE
198
security advisoryhigh severitysecurity issueArch Linux: 201906-9 High: gvim Arbitrary Code Execution
The package gvim before version 8.1.1467-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-201906-9 ======================================== Severity: High Date : 2019-06-11 CVE-ID : CVE-2019-12735 Package : gvim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-976 Summary ====== The package gvim before version 8.1.1467-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 8.1.1467-1. # pacman -Syu "gvim> =8.1.1467-1" The problem has been fixed upstream in version 8.1.1467. Workaround ========= Disable modeline support in the vimrc file by setting: set nomodeline Description ========== getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. Impact ===== A remote attacker could execute code with a maliciously written file. References ========= https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040 https://security.archlinux.org/CVE-2019-12735 . Arch Linux Security Notice ASA-202110-4 pertaining to vim emphasizes a critical vulnerability that permits unauthorized code execution.. Arch Linux Security Advisory, gvim code execution, high severity exploit. . LinuxSecurity.com Team
Jun 13, 2019
ArchLinux
91
security advisorygentooremote executionGentoo: GLSA-201706-26 Normal: Vim Remote Code Execution Threat
Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Vim, gVim: Remote execution of arbitrary code Date: June 22, 2017 Bugs: #609150, #611386 ID: 201706-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code. Background ========= Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/vim < 8.0.0386 > = 8.0.0386 2 app-editors/gvim < 8.0.0386 > = 8.0.0386 ------------------------------------------------------------------- 2 affected packages Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== A remote attacker could entice a user to open a specially crafted spell file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync #emerge --ask --oneshot --verbose "> =app-editors/vim-8.0.0386" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/gvim-8.0.0386" References ========= [ 1 ] CVE-2017-5953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5953 [ 2 ] CVE-2017-6349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6349 [ 3 ] CVE-2017-6350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6350 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-26 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jun 22, 2017
Gentoo
198
security advisorymedium severityarbitrary code executionArch Linux: ASA-201702-12 Medium: Gvim Arbitrary Code Execution
The package gvim before version 8.0.0322-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-201702-12 ========================================= Severity: Medium Date : 2017-02-15 CVE-ID : CVE-2017-5953 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-174 Summary ====== The package gvim before version 8.0.0322-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 8.0.0322-1. # pacman -Syu "gvim> =8.0.0322-1" The problem has been fixed upstream in version 8.0.0322. Workaround ========= None. Description ========== It was found that vim does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. Impact ===== An attacker is able to execute arbitrary code on the affected host by tricking a user to use a specially crafted spell file. References ========= https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY https://security.archlinux.org/CVE-2017-5953 . Arch Linux Security Notice ASA-202103-17: vim is susceptible to code execution vulnerabilities. Update advised.. Arch Linux Security Advisory, Gvim Security, Arbitrary Code Execution, Package Upgrade. . Severity: Medium. LinuxSecurity.com Team
Feb 15, 2017
•Medium
ArchLinux
91
security advisorygentoocode executionGentoo: GLSA 201701-29 Normal: Vim and gVim Code Execution Risk
A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Vim, gVim: Remote execution of arbitrary code Date: January 11, 2017 Bugs: #600650 ID: 201701-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated. Background ========= Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/vim < 8.0.0106 > = 8.0.0106 2 app-editors/gvim < 8.0.0106 > = 8.0.0106 ------------------------------------------------------------------- 2 affected packages Description ========== Vim and gVim do not properly validate values for the 'filetype', 'syntax', and 'keymap' options. Impact ===== A remote attacker could entice a user to open a specially crafted file using Vim/gVim with certain modeline options enabled possibly resulting in execution of arbitrary code with the privileges of the process. Workaround ========= Disabling modeline support in .vimrc by adding "set nomodeline" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root. Resolution ========= All Vim users should upgrade to the latestversion: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/vim-8.0.0106" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/gvim-8.0.0106" References ========= [ 1 ] CVE-2016-1248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1248 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-29 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 11, 2017
Gentoo
91
security advisorygentooprivilege escalationDebian: 202301-02 Critical: Emacs gEdit Header Injection Vulnerability
Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200412-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Vim, gVim: Vulnerable options in modelines Date: December 15, 2004 Bugs: #73715 ID: 200412-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges. Background ========= Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/vim < 6.3-r2 > = 6.3-r2 2 app-editors/gvim < 6.3-r2 > = 6.3-r2 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap', 'printdevice', 'titleold', 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode' or 'langmenu' could be abused. Impact ===== A local attacker could write a malicious file ina world readable location which, when opened in a modeline-enabled Vim, could trigger arbitrary commands with the rights of the user opening the file, resulting in privilege escalation. Please note that modelines are disabled by default in the /etc/vimrc file provided in Gentoo. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/vim-6.3-r2" All gVim users should also upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/gvim-6.3-r2" References ========= [ 1 ] CAN-2004-1138 https://www.cve.org/CVERecord?id=CAN-2004-1138 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200412-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Dec 15, 2004
Gentoo
100
security advisorymoderateSuSEDebian: 2022:34 High: Remote Exploit in OpenSSH Service
A tmp race condition and other vulnerabilities exist that may be used to gain unauthorized access to more privileges.. ______________________________________________________________________________ SuSE Security Announcement Package: vim/gvim Announcement-ID: SuSE-SA:2001:12 Date: Tuesday, April 10th, 2001 15.23 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local privilege escalation Severity (1-10): 5 SuSE default package: yes Other affected systems: all system using vim/gvim Content of this advisory: 1) security vulnerability resolved: vim/gvim problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc Both vulnerabilities could be used to gain unauthorized access to more privileges. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. vim: ---- i386 Intel Platform: SuSE-7.1 db368baa134c23b3578c8022a66d2703 source rpm: 00cf66142e477e24824410c8bf9e8702 SuSE-7.0 3a35734d8737c4f1e97ca9a6c1f68073 source rpm: 6275c8d938a7254e648ba33765613573 SuSE-6.4 7db6e43273fcfccf0f019246ba43fd05 source rpm: f2d7177a61b1794068412ea687b9ecf6 SuSE-6.3 c12a03ff18235ea3421b18c48d6448af source rpm: b6e46176215691fc398fc6184e437a36 SuSE-6.2 a9f2154d991f9eb848dff3ffa1dcf430 source rpm: 8e554dbfe786562204039358df810984 SuSE-6.1 fcef6ade53f01ffe4cd8a7b8c033e176 source rpm: e3d554b1354208ca6175c4757bab0373 Sparc Platform: SuSE-7.1 6746fc4eafc91ba5fa6d6377f22efdbd source rpm: de427c49af200e5fefa62a39959eaaaf SuSE-7.0 7648859cc6a584ce1a2715cf7bc34bdc source rpm: 934385ba01d59fc7bdd1bbaeca0cf260 AXP Alpha Platform: SuSE-7.0 ebe9dfc83dd1294b83d6b3aaad92fca0 source rpm: 038ab54d8a08f96b61118373f5e00948 SuSE-6.4 24d5f1365522d267650be44f80ab0b52 source rpm: 0a7a5bbde8e645254f4a5bd6cd402943 SuSE-6.3 b496518ea1640852e17ddb1274759fc4 source rpm: 1760adfac8e70bff334d74330acbefed SuSE-6.1 dc633df2ac8fafa41c76d5c0216ed149 source rpm: 610088cca725fec62a4e7d6f1b030af1 PPC PowerPC Platform: SuSE-7.0 0b9ecb77901b15a90bf25623701d834b source rpm: 3224f60fa80f27a9fb249a69c0ceaf01 SuSE-6.4 2044541d409bd756a166a75515214ffa source rpm: cac70ab3c2dee163d490bd85126f70aa gvim: ----- i386 Intel Platform: SuSE-7.1 066d163c43a6bb58f7a4a3770f179770 source rpm: e6e92c8c4de39bd3a5899a55d6003d82 SuSE-7.0 16973a740f4a1fc2f2a189f036a10fe9 source rpm: fecbd910f57b351e992f7b7015e3149b SuSE-6.4 1700470566ac4fb2e5588771f07638ed source rpm: 43a49e33acb8b9f017e6e5846ba636df SuSE-6.3 db2abf1a9414b36466eb3d1186df5a7e source rpm: 0b0b50b4987d594ee48a146e939f7152 SuSE-6.2 125171df7f45c80c10ea0fd52f944a6a source rpm: 634e7b355274aed0af0fd7ac83218d78 SuSE-6.1 1d18996bf9666269db7893ae340e5642 source rpm: 9279a59d6eb1942186e1233c6f0ebcf1 Sparc Platform: SuSE-7.0 d415a24027510882b68d4ddcf1970ab4 source rpm: 57bfa58f0f7c46354edc78f0fc694d43 AXP Alpha Platform: SuSE-6.4 4cd25502d4ac5067fc64cd917ebd9018 source rpm: 347a84634805a6efa1ebf76df2a8ddb5 SuSE-6.3 5808f168b8632c85518d61ecec33e3d1 source rpm: 9402b1f0440b71a6aa0c1a60748dd26d SuSE-6.1 b74d1cb6f7200d0bcf6ddbe1310e28c7 source rpm: 599e9ed0a326a9b86a6584f0a24ae4ad PPC PowerPC Paltform: SuSE-7.0 27e579ff062662425a3581da6d08bce9 source rpm: 42a9a5b423848bbe381251c15a095a65 SuSE-6.4 07b386f3dbaca5c9b3f8c440ba59c782 source rpm: 4ddef3c55da33c3b548dd055d3d9b75b ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/man´ and ignore the warnings and errors when viewing manpages. - A bufferoverflow in sudo was discovered and fixed RPMs will be available as soon as possible. A exploit was not made public until now. - NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the nextdays. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe:
Apr 10, 2001
•Critical
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!