A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file containing a malicious modeline. The cause is a lack of validation of the values of a few options that a modeline is allowed to set (the 'filetype', 'syntax' and 'keymap' options, which the upstream fix restricts to a safe character set). Vim's own runtime scripts interpolate those option values into a command string that is evaluated with :execute, so a value containing command separators or shell-escape characters leads to shell commands being run with the privileges of the user who opened the file.

Upstream patch: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a

References: http://seclists.org/oss-sec/2016/q4/506
Created vim tracking bugs for this issue: Affects: fedora-all [bug 1398228]
Mitigation: Disabling modeline support by adding "set nomodeline" to .vimrc will prevent exploitation of this flaw, since the malicious option values are never applied. By default, modeline is enabled for ordinary users but disabled for root.
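As an added illustration (not part of the bug report or of Vim's own code), the POSIX shell script below scans the region of a file where Vim looks for modelines and flags any 'filetype'/'syntax'/'keymap' value that contains characters outside [A-Za-z0-9._-]; that safe set is assumed here to mirror the upstream validation. The sample files and the modeline value "sh|!id" are constructed for the demonstration and are not claimed to be a working exploit.

```shell
#!/bin/sh
# Added example, not code from the Vim project or the bug report.
# Assumption: the safe character set for option values is [A-Za-z0-9._-],
# matching the check the upstream patch introduced.

# Print every value assigned to filetype/ft, syntax/syn or keymap/kmp in a
# modeline found in the first or last 5 lines of $1 (Vim's default 'modelines').
modeline_values() {
    { head -n 5 "$1"; tail -n 5 "$1"; } 2>/dev/null |
        grep -E '(^|[[:space:]])(vi|vim|ex):' |
        tr ' :' '\n\n' |
        grep -E '^(filetype|ft|syntax|syn|keymap|kmp)=' |
        sed 's/^[a-z]*=//' |
        sort -u
}

# Return 0 and print the offending values when any value contains a character
# outside the safe set; return 1 when every value is safe (or none is set).
unsafe_modeline_values() {
    bad=$(modeline_values "$1" | grep -Ev '^[A-Za-z0-9._-]*$' || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 0
    fi
    return 1
}

# Create two constructed sample files in a temporary directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    # Constructed modeline with shell metacharacters in the filetype value.
    printf '#!/bin/sh\necho hello\n# vim: set ft=sh|!id:\n' > "$dir/malicious.txt"
    # Ordinary modeline that only sets a plain filetype and indentation.
    printf 'import sys\nprint(sys.argv)\n# vim: set ft=python ts=4 sw=4:\n' > "$dir/benign.txt"
    printf '%s\n' "$dir"
}

# Stand-alone run: report on both samples, then clean up.
samples=$(make_samples)
for f in "$samples/malicious.txt" "$samples/benign.txt"; do
    if unsafe_modeline_values "$f" >/dev/null; then
        echo "UNSAFE modeline value in $f: $(unsafe_modeline_values "$f")"
    else
        echo "ok: $f"
    fi
done
rm -rf "$samples"
```

The scan is a triage aid for files received from untrusted sources; the actual mitigation remains "set nomodeline" in ~/.vimrc (or :verbose set modeline? inside Vim to confirm the option is off and where it was last set), together with the patched vim package.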
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:2972 https://rhn.redhat.com/errata/RHSA-2016-2972.html