Red Hat Bugzilla – Bug 144695
CAN-2005-0069 vim unsafe temporary file usage.
Last modified: 2007-11-30 17:07:05 EST
Two insecure temporary file vulns have been reported to the debian BTS.
The issues refer to the usage of temporary files using the process PID as the
"randomness". I would not be surprised if this isn't the only scripts in vim
that do this.
This issue should also affect RHEL2.1
vim-6.3.046-0.30E.2 is the fixed version for RHEL-3
vim-6.3.046-0.40E.2 " " RHEL-4
vim-6.0-7.20 " " AS-2.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.