Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
373740425cdce8362111cf4caef765a5938b71e36b30145ab757004e4a8b3cb8==========================================================================
Ubuntu Security Notice USN-5963-1
March 20, 2023
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-47024,
CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433)
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS, and Ubuntu 22.10. (CVE-2023-0051)
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2023-1170, CVE-2023-1175)
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-1264)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
vim 2:9.0.0242-1ubuntu1.2
vim-athena 2:9.0.0242-1ubuntu1.2
vim-gtk3 2:9.0.0242-1ubuntu1.2
vim-nox 2:9.0.0242-1ubuntu1.2
vim-tiny 2:9.0.0242-1ubuntu1.2
Ubuntu 22.04 LTS:
vim 2:8.2.3995-1ubuntu2.4
vim-athena 2:8.2.3995-1ubuntu2.4
vim-gtk 2:8.2.3995-1ubuntu2.4
vim-gtk3 2:8.2.3995-1ubuntu2.4
vim-nox 2:8.2.3995-1ubuntu2.4
vim-tiny 2:8.2.3995-1ubuntu2.4
Ubuntu 20.04 LTS:
vim 2:8.1.2269-1ubuntu5.12
vim-athena 2:8.1.2269-1ubuntu5.12
vim-gtk 2:8.1.2269-1ubuntu5.12
vim-gtk3 2:8.1.2269-1ubuntu5.12
vim-nox 2:8.1.2269-1ubuntu5.12
vim-tiny 2:8.1.2269-1ubuntu5.12
Ubuntu 18.04 LTS:
vim 2:8.0.1453-1ubuntu1.11
vim-athena 2:8.0.1453-1ubuntu1.11
vim-gtk 2:8.0.1453-1ubuntu1.11
vim-gtk3 2:8.0.1453-1ubuntu1.11
vim-nox 2:8.0.1453-1ubuntu1.11
vim-tiny 2:8.0.1453-1ubuntu1.11
Ubuntu 16.04 ESM:
vim 2:7.4.1689-3ubuntu1.5+esm17
vim-athena 2:7.4.1689-3ubuntu1.5+esm17
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm17
vim-gtk 2:7.4.1689-3ubuntu1.5+esm17
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm17
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm17
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm17
vim-nox 2:7.4.1689-3ubuntu1.5+esm17
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm17
vim-tiny 2:7.4.1689-3ubuntu1.5+esm17
Ubuntu 14.04 ESM:
vim 2:7.4.052-1ubuntu3.1+esm7
vim-athena 2:7.4.052-1ubuntu3.1+esm7
vim-gtk 2:7.4.052-1ubuntu3.1+esm7
vim-nox 2:7.4.052-1ubuntu3.1+esm7
vim-tiny 2:7.4.052-1ubuntu3.1+esm7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5963-1
CVE-2022-47024, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054,
CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175,
CVE-2023-1264
Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.2
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.4
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.12
https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.11
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed