Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
219
security advisoryimportantarbitrary executionRocky Linux 9 vi Significant Execution Risk CVE-2026-34983 RLSA-2026-21510
Important: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11509", "synopsis": "Important: vim security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for vim.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2455400", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400", "description": ""}], "cves": [{"name": "CVE-2026-34982", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34982", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-04-30T18:00:45.302131Z", "rpms": {"Rocky Linux 8": {"nvras": ["vim-2:8.0.1763-22.el8_10.3.src.rpm", "vim-common-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-common-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-common-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-common-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-debugsource-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-debugsource-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-enhanced-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-enhanced-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-enhanced-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-enhanced-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm","vim-filesystem-2:8.0.1763-22.el8_10.3.noarch.rpm", "vim-minimal-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-minimal-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-minimal-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-minimal-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-X11-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-X11-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-X11-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-X11-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important vim security update for Rocky Linux 8 addresses arbitrary command execution vulnerabilities and provides necessary fixes.. Rocky Linux Security Update,vim Command Execution,CVE-2026-34982,Vim Security Fixes,RHSA-2026-11509. . Severity: Important. LinuxSecurity.com Team
Apr 30, 2026
•Important
Rocky Linux
91
security advisorygentoocode executionGentoo: GLSA 201701-29 Normal: Vim and gVim Code Execution Risk
A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Vim, gVim: Remote execution of arbitrary code Date: January 11, 2017 Bugs: #600650 ID: 201701-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated. Background ========= Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/vim < 8.0.0106 > = 8.0.0106 2 app-editors/gvim < 8.0.0106 > = 8.0.0106 ------------------------------------------------------------------- 2 affected packages Description ========== Vim and gVim do not properly validate values for the 'filetype', 'syntax', and 'keymap' options. Impact ===== A remote attacker could entice a user to open a specially crafted file using Vim/gVim with certain modeline options enabled possibly resulting in execution of arbitrary code with the privileges of the process. Workaround ========= Disabling modeline support in .vimrc by adding "set nomodeline" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root. Resolution ========= All Vim users should upgrade to the latestversion: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/vim-8.0.0106" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-editors/gvim-8.0.0106" References ========= [ 1 ] CVE-2016-1248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1248 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-29 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 11, 2017
Gentoo
87
security advisorymoderatecode executionDebian DSA-3722-1: Moderate Vim Code Execution Risk Advisory
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3722-1
Nov 22, 2016
Debian
89
security advisoryfedora corecriticalFedora Core 3: FEDORA-2005-018 Critical: Vim Command Execution Threat
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fernández-Sanguino Peña discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-018 2005-01-12 ---------------------------------------------------------------------Product : Fedora Core 3 Name : vim Version : 6.3.054 Release : 0.fc3.1 Summary : The VIM editor. Description : VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. ---------------------------------------------------------------------Update Information: Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1138 to this issue. Javier Fernández-Sanguino Peña discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack. ---------------------------------------------------------------------* Tue Jan11 2005 Karsten Hopp 6.3.054-0.fc3.1 - patchlevel 54 - fix usage of temporary files (#144698) * Tue Dec 14 2004 Karsten Hopp 6.3.046-0.fc3.1 - patchlevel 46 (#142446) CAN-2004-1138 ---------------------------------------------------------------------This update can be downloaded from: 5b9a4b0da35d3d57a88b6c7c95b5c1fd SRPMS/vim-6.3.054-0.fc3.1.src.rpm 829f6d419aa8193a29b0b61b8331e140 x86_64/vim-common-6.3.054-0.fc3.1.x86_64.rpm 12741125b95691dd1219d97a843aca6d x86_64/vim-minimal-6.3.054-0.fc3.1.x86_64.rpm 174963d7208fb3e63d97bc3d246ab557 x86_64/vim-enhanced-6.3.054-0.fc3.1.x86_64.rpm 1de0fc1a0ec7f333ead8474e69fd7dff x86_64/vim-X11-6.3.054-0.fc3.1.x86_64.rpm 2acf1b3f9c95ee0d13c7dfacea0598f7 x86_64/debug/vim-debuginfo-6.3.054-0.fc3.1.x86_64.rpm 11fc97eaf90d392e097954288701ea78 i386/vim-common-6.3.054-0.fc3.1.i386.rpm 2c7911e0c78ae79fbd9390d978f5f245 i386/vim-minimal-6.3.054-0.fc3.1.i386.rpm beef9829f37c8e916a7a605a030aa066 i386/vim-enhanced-6.3.054-0.fc3.1.i386.rpm d578bd4501cb6b77ff5e821704dd19ce i386/vim-X11-6.3.054-0.fc3.1.i386.rpm 0a197bc77cc9996a0a8d8665819d8188 i386/debug/vim-debuginfo-6.3.054-0.fc3.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Jan 12, 2005
•Critical
Fedora
98
security advisoryupdatecriticalRed Hat Enterprise Linux: RHSA-2005:010-01 Critical: VIM Command Execution
Updated vim packages that fix a modeline vulnerability are now available.. --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated VIM packages fix security vulnerability Advisory ID: RHSA-2005:010-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:010.html Issue date: 2005-01-05 Updated on: 2005-01-05 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-1138 ---------------------------------------------------------------------1. Summary: Updated vim packages that fix a modeline vulnerability are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor. Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1138 to this issue. All users of VIM are advised to upgrade to these erratum packages, which contain a backported patch for this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download andupdate your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/ 5. Bug IDs fixed (https://bugzilla.redhat.com/): 142444 - CAN-2004-1138 vim arbitrary command execution vulnerability 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm i386: d4ff95dc139d9b246a3b4bb22e56f0a2 vim-X11-6.0-7.19.i386.rpm d0a4daf9963f0b30d23f8b55b660e7bd vim-common-6.0-7.19.i386.rpm 5e0f345e8c4149a6e526be1ebcbcaf08 vim-enhanced-6.0-7.19.i386.rpm 49ba3bac9787288f6ed3a6cb76ea3257 vim-minimal-6.0-7.19.i386.rpm ia64: f8cf3e2990cf9f01f2e8b92413562f2f vim-X11-6.0-7.19.ia64.rpm c0fcd7546afb8ffe8e059993b357291c vim-common-6.0-7.19.ia64.rpm aaccc710338fc217fcb61f17a859cc75 vim-enhanced-6.0-7.19.ia64.rpm 86625051f0b0530dc495662a8462f0b8 vim-minimal-6.0-7.19.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ec80e6cff8ce3f0324933a86105ba08a vim-6.0-7.19.src.rpm ia64: f8cf3e2990cf9f01f2e8b92413562f2f vim-X11-6.0-7.19.ia64.rpm c0fcd7546afb8ffe8e059993b357291c vim-common-6.0-7.19.ia64.rpm aaccc710338fc217fcb61f17a859cc75 vim-enhanced-6.0-7.19.ia64.rpm 86625051f0b0530dc495662a8462f0b8 vim-minimal-6.0-7.19.ia64.rpm Red Hat Enterprise Linux ES version 2.1: 4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm ia64: c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm 5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm ppc: ab2a437d98890191fbf02e125ac4e9d8 vim-X11-6.3.046-0.30E.1.ppc.rpm 4b55871f27ef4e3b4615efe69ca34c80 vim-common-6.3.046-0.30E.1.ppc.rpm 620989f956755a9599f15c31e779ab20 vim-enhanced-6.3.046-0.30E.1.ppc.rpm 5be5a1eee3b838eede6703a28dde8c5b vim-minimal-6.3.046-0.30E.1.ppc.rpm s390: 6c35fa52e2fd0026824e2353b7f5d3f8 vim-X11-6.3.046-0.30E.1.s390.rpm b231e358ccbf79bce43ba6fe2c31a696 vim-common-6.3.046-0.30E.1.s390.rpm cb01c4182855dc24dcbe503deed6333b vim-enhanced-6.3.046-0.30E.1.s390.rpm 4fd73da1b8d06876e090c624e95bc811 vim-minimal-6.3.046-0.30E.1.s390.rpm s390x: c87e1eaaa9a04c503ba85c39cc9a6d9b vim-X11-6.3.046-0.30E.1.s390x.rpm 50f4f4f629051dbe46257207ba6e4b39 vim-common-6.3.046-0.30E.1.s390x.rpm 52a43a425e87218212e09e129bb8d37a vim-enhanced-6.3.046-0.30E.1.s390x.rpm 62108052dd87b0bba769f6a000be0f87 vim-minimal-6.3.046-0.30E.1.s390x.rpm x86_64: f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm 4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm 3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm 4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: 6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm i386: bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm 24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm 4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm x86_64: f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm 4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm 3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm 4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: 6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm i386: bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm 24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm 4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm ia64: c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm 5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm x86_64: f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm 4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm 3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm 4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: 6ec356d24ae87a5a028a17a6ca73ae76 vim-6.3.046-0.30E.1.src.rpm i386: bc4c3a9f814b0774d1b149a692593b2e vim-X11-6.3.046-0.30E.1.i386.rpm 24261f2028b06d5da8ca35a87ccc8610 vim-common-6.3.046-0.30E.1.i386.rpm a73de031e006487d7ff786d303e9415c vim-enhanced-6.3.046-0.30E.1.i386.rpm 4aee80bee3f5e929901423d81fdec9c9 vim-minimal-6.3.046-0.30E.1.i386.rpm ia64: c889113a94e55add8fc9ff4a25b7ebf7 vim-X11-6.3.046-0.30E.1.ia64.rpm aa9badc6e92b5d77b970a1155d9df8db vim-common-6.3.046-0.30E.1.ia64.rpm 5efa3cb764808a07066756537283f7bf vim-enhanced-6.3.046-0.30E.1.ia64.rpm cb01ce6b3d6b8229ac834b71604c1a7c vim-minimal-6.3.046-0.30E.1.ia64.rpm x86_64: f524aa992ca4375baac7d336e0872beb vim-X11-6.3.046-0.30E.1.x86_64.rpm 4cd585c858e2ef474333ac15313a2015 vim-common-6.3.046-0.30E.1.x86_64.rpm 3a4f3d6f6b1c782725fdd586d806bc92 vim-enhanced-6.3.046-0.30E.1.x86_64.rpm 4f6583be9cc3744ac10a24afc3a50b67 vim-minimal-6.3.046-0.30E.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2004-1138 8.Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . Red Hat has published new VIM packages to address a modeline security flaw. Learn the steps to fix it effectively.. VIM Security Fix, Red Hat Advisories, Command Execution Threat. . Severity: Critical. LinuxSecurity.com Team
Jan 05, 2005
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!