USN-6195-1: Vim vulnerabilities
3 July 2023
Several security issues were fixed in Vim.
Releases
Packages
- vim - Vi IMproved - enhanced vi editor
Details
It was discovered that Vim contained an out-of-bounds read vulnerability.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing
allocated memory. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-0156)
It was discovered that Vim contained a heap-based buffer overflow
vulnerability. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording
and using select mode. An attacker could possibly use this issue to cause
a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations
during a visual block yank. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference
vulnerability when switching tabpages. An attacker could possible use this
issue to cause a denial of service. (CVE-2022-0696)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
vim-athena
-
2:8.2.3995-1ubuntu2.9
-
xxd
-
2:8.2.3995-1ubuntu2.9
-
vim
-
2:8.2.3995-1ubuntu2.9
-
vim-tiny
-
2:8.2.3995-1ubuntu2.9
-
vim-gtk3
-
2:8.2.3995-1ubuntu2.9
-
vim-nox
-
2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes.