Updated Vim packages have been released for Oracle Linux 6 to fix arbitrary command execution via the modeline
Oracle Linux Security Advisory ELSA-2019-1774
Vim Security Update for Oracle Linux 6
http://linux.oracle.com/errata/ELSA-2019-1774.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
vim-X11-7.4.629-5.el6_10.2.i686.rpm
vim-common-7.4.629-5.el6_10.2.i686.rpm
vim-enhanced-7.4.629-5.el6_10.2.i686.rpm
vim-filesystem-7.4.629-5.el6_10.2.i686.rpm
vim-minimal-7.4.629-5.el6_10.2.i686.rpm
x86_64:
vim-X11-7.4.629-5.el6_10.2.x86_64.rpm
vim-common-7.4.629-5.el6_10.2.x86_64.rpm
vim-enhanced-7.4.629-5.el6_10.2.x86_64.rpm
vim-filesystem-7.4.629-5.el6_10.2.x86_64.rpm
vim-minimal-7.4.629-5.el6_10.2.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/vim-7.4.629-5.el6_10.2.src.rpm
Description of changes:
[2:7.4.629-5.2]
- 1724045 - fix CVE-2019-12735 the :source! command allows arbitrary
command execution via the modeline
- fix spec warnings about expanding macros