Security update for vim SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2993-1 Final 1 1 2016-12-04T17:14:27Z current 2016-12-04T17:14:27Z 2016-12-04T17:14:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vim This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) This update for vim fixes the following issues: - Fix build with Python 3.5. (bsc#988903) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00007.html E-Mail link for openSUSE-SU-2016:2993-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 gvim-7.4.326-8.2 vim-7.4.326-8.2 vim-data-7.4.326-8.2 gvim-7.4.326-8.2 as a component of openSUSE Leap 42.2 vim-7.4.326-8.2 as a component of openSUSE Leap 42.2 vim-data-7.4.326-8.2 as a component of openSUSE Leap 42.2 vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVE-2016-1248 openSUSE Leap 42.2:gvim-7.4.326-8.2 openSUSE Leap 42.2:vim-7.4.326-8.2 openSUSE Leap 42.2:vim-data-7.4.326-8.2 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00007.html https://www.suse.com/security/cve/CVE-2016-1248.html CVE-2016-1248 https://bugzilla.suse.com/1010685 SUSE Bug 1010685 https://bugzilla.suse.com/1173534 SUSE Bug 1173534