[USN-7748-1] Vim vulnerabilities
noreply+usn-bot at canonical.com
noreply+usn-bot at canonical.com
Mon Sep 15 16:30:41 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7748-1
September 15, 2025
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled file extraction when opening
maliciously crafted zip or tar archives. An attacker could possibly use
this issue to create or overwrite files on the system and execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
vim 2:9.1.0967-1ubuntu4.1
Ubuntu 24.04 LTS
vim 2:9.1.0016-1ubuntu7.9
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7748-1
CVE-2025-53905, CVE-2025-53906
Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu4.1
https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250915/59bef890/attachment.sig>
More information about the ubuntu-security-announce
mailing list