Ubuntu USN-712-1 (vim)

The remote host is missing an update to vim announced via advisory USN-712-1.

Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2712) Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4101)

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: vim 1:6.4-006+2ubuntu6.2 vim-runtime 1:6.4-006+2ubuntu6.2 Ubuntu 7.10: vim 1:7.1-056+2ubuntu2.1 vim-runtime 1:7.1-056+2ubuntu2.1 Ubuntu 8.04 LTS: vim 1:7.1-138+1ubuntu3.1 vim-runtime 1:7.1-138+1ubuntu3.1 Ubuntu 8.10: vim 1:7.1.314-3ubuntu3.1 vim-runtime 1:7.1.314-3ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-712-1