========================================================================== Ubuntu Security Notice USN-4016-2 June 11, 2019 Neovim vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 Summary: Neovim could be made to run programs as your login if it opened a specially crafted file. Software Description: - neovim: heavily refactored vim fork Details: It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: neovim 0.3.4-1ubuntu0.19.04.1 neovim-runtime 0.3.4-1ubuntu0.19.04.1 Ubuntu 18.10: neovim 0.3.1-1ubuntu0.1 neovim-runtime 0.3.1-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4016-2 https://usn.ubuntu.com/4016-1 CVE-2019-12735 Package Information: https://launchpad.net/ubuntu/+source/neovim/0.3.4-1ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/neovim/0.3.1-1ubuntu0.1