Amazon Linux 1 Security Advisory: ALAS-2016-779
Advisory Release Date: 2016-12-19 16:30 Pacific
Advisory Updated Date: 2016-12-19 16:30 Pacific
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (modelines are disabled by default for root, and enabled by default for other users.)
Affected Packages:
vim
Issue Correction:
Run yum update vim to update your system.
i686:
vim-minimal-8.0.0134-1.43.amzn1.i686
vim-enhanced-8.0.0134-1.43.amzn1.i686
vim-filesystem-8.0.0134-1.43.amzn1.i686
vim-debuginfo-8.0.0134-1.43.amzn1.i686
vim-common-8.0.0134-1.43.amzn1.i686
src:
vim-8.0.0134-1.43.amzn1.src
x86_64:
vim-debuginfo-8.0.0134-1.43.amzn1.x86_64
vim-common-8.0.0134-1.43.amzn1.x86_64
vim-minimal-8.0.0134-1.43.amzn1.x86_64
vim-enhanced-8.0.0134-1.43.amzn1.x86_64
vim-filesystem-8.0.0134-1.43.amzn1.x86_64