Fwd: [USN-5801-1] Vim vulnerabilities
Mark Esler
mark.esler at canonical.com
Fri Jan 13 03:41:39 UTC 2023
==========================================================================
Ubuntu Security Notice USN-5801-1
January 12, 2023
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim makes illegal memory calls when pasting
brackets in Ex mode. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. This issue
affected only Ubuntu 20.04 and 22.04. (CVE-2022-0392)
It was discovered that Vim makes illegal memory calls when making
certain retab calls. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-0417)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
vim 2:8.2.3995-1ubuntu2.3
vim-athena 2:8.2.3995-1ubuntu2.3
vim-gtk 2:8.2.3995-1ubuntu2.3
vim-gtk3 2:8.2.3995-1ubuntu2.3
vim-nox 2:8.2.3995-1ubuntu2.3
vim-tiny 2:8.2.3995-1ubuntu2.3
xxd 2:8.2.3995-1ubuntu2.3
Ubuntu 20.04 LTS:
vim 2:8.1.2269-1ubuntu5.11
vim-athena 2:8.1.2269-1ubuntu5.11
vim-gtk 2:8.1.2269-1ubuntu5.11
vim-gtk3 2:8.1.2269-1ubuntu5.11
vim-nox 2:8.1.2269-1ubuntu5.11
vim-tiny 2:8.1.2269-1ubuntu5.11
xxd 2:8.1.2269-1ubuntu5.11
Ubuntu 18.04 LTS:
vim 2:8.0.1453-1ubuntu1.10
vim-athena 2:8.0.1453-1ubuntu1.10
vim-gnome 2:8.0.1453-1ubuntu1.10
vim-gtk 2:8.0.1453-1ubuntu1.10
vim-gtk3 2:8.0.1453-1ubuntu1.10
vim-nox 2:8.0.1453-1ubuntu1.10
vim-tiny 2:8.0.1453-1ubuntu1.10
xxd 2:8.0.1453-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5801-1
CVE-2022-0392, CVE-2022-0417
Package Information:
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.3
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.11
https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.10
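Added example, not part of the notice and not Canonical's tooling: a self-contained check of installed package versions against the fixed versions listed above, using Debian version ordering (epoch, numeric runs, '~') rather than string comparison. The function names and the sample input are hypothetical; the input is assumed to be "package version" lines such as those printed by dpkg-query -W -f='${Package} ${Version}\n'.

```python
import re

# Fixed versions and package names copied from the notice above.
FIXED = {"22.04": "2:8.2.3995-1ubuntu2.3",
         "20.04": "2:8.1.2269-1ubuntu5.11",
         "18.04": "2:8.0.1453-1ubuntu1.10"}
PACKAGES = {"vim", "vim-athena", "vim-gnome", "vim-gtk", "vim-gtk3",
            "vim-nox", "vim-tiny", "xxd"}

def _order(c):  # dpkg weights: '~' < end/digit < letters < other characters
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # Compare the non-digit prefixes one character at a time.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            x, y = _order(a[:1]), _order(b[:1])
            if x != y:
                return -1 if x < y else 1
            a, b = a[1:], b[1:]
        # Compare the leading digit runs as integers, so 11 sorts after 9.
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def debian_cmp(a, b):
    """Return -1, 0 or 1 using Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_lines):
    """List (package, version) pairs older than the notice's fixed version."""
    rows = (ln.strip().partition(" ") for ln in dpkg_lines.splitlines())
    return [(p, v) for p, _, v in rows
            if p in PACKAGES and v and debian_cmp(v, FIXED[release]) < 0]

# Constructed sample in "package version" form, not output from a real host.
SAMPLE = ("vim 2:8.2.3995-1ubuntu2.1\nvim-tiny 2:8.2.3995-1ubuntu2.3\n"
          "xxd 2:8.2.3995-1ubuntu2\nbash 5.1-6ubuntu1\n")
```

The release key is assumed to be the VERSION_ID value from /etc/os-release; an empty list from unpatched() means every listed package present in the input is at or above the fixed version.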