-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2789
                            vim security update
                             23 November 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           vim
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1248  

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3722

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running vim check for an updated version of the software for their 
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3722-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 22, 2016                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : vim
CVE ID         : CVE-2016-1248

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi
editor, does not properly validate values for the 'filetype',
'syntax' and 'keymap' options, which may result in the execution of
arbitrary code if a file with a specially crafted modeline is opened.

For the stable distribution (jessie), this problem has been fixed in
version 2:7.4.488-7+deb8u1.

We recommend that you upgrade your vim packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------
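
Added example (not part of the Debian or AusCERT text): a heuristic triage script that reports modelines assigning unusual values to the three options named in the advisory, for reviewing untrusted files on hosts that are not yet patched. It is not Vim's own parser or fix; the safe character set is an assumption, the short option names (ft, syn, kmp) and the five-line window are Vim's documented defaults, and the sample text is constructed.

```python
import re

# Options named in the advisory, plus their standard Vim short names.
RISKY = {"filetype", "ft", "syntax", "syn", "keymap", "kmp"}
# Assumption: a benign value uses only letters, digits, '.', '-' and '_'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]*\Z")
# Simplified modeline prefix: "vi:", "vim:", "Vim:" or "ex:" after whitespace
# or at the start of the line (slightly broader than Vim, to over-report).
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im|ex):\s*(.*)")
SET_FORM = re.compile(r"set?\s+(.*)")
MODELINES = 5  # Vim's default 'modelines': lines checked at each end of a file

def modeline_options(line):
    """Yield (name, value) for each name=value option in one modeline."""
    m = MODELINE.search(line)
    if not m:
        return
    body = m.group(1)
    s = SET_FORM.match(body)
    if s:
        # "set" form: options stop at the first unescaped ':'.
        parts = re.split(r"(?<!\\):", s.group(1), maxsplit=1)[0].split()
    else:
        # Plain form: options are separated by unescaped ':' or whitespace.
        parts = re.split(r"(?<!\\):|\s+", body)
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            yield name, value

def suspicious_modelines(text):
    """Return (line_no, option, value) for risky options with unusual values."""
    lines = text.splitlines()
    window = set(range(min(MODELINES, len(lines))))
    window |= set(range(max(0, len(lines) - MODELINES), len(lines)))
    hits = []
    for i in sorted(window):
        for name, value in modeline_options(lines[i]):
            if name in RISKY and not SAFE_VALUE.match(value):
                hits.append((i + 1, name, value))
    return hits

# Constructed sample: an ordinary modeline first, an unusual value last.
SAMPLE = "\n".join(["# vim: set ft=python ts=4 :"] + ["text"] * 10
                   + ["/* vim: syn=not%plain:ts=4 */"])

if __name__ == "__main__":
    for line_no, option, value in suspicious_modelines(SAMPLE):
        print(f"line {line_no}: {option}={value!r}")
```

A hit means only that the value contains characters outside the assumed safe set; upgrading to the fixed package remains the resolution.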

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.
