Ubuntu: 4309-1 Critical: Vim Denial Of Service and Code Execution

March 23, 2020
Ubuntu updates address several vulnerabilities in Vim.

Summary

Several security issues were fixed in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-11109)

It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953)

It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-20786)

It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079)

...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  vim                             2:8.1.0875-5ubuntu2.1
  vim-common                      2:8.1.0875-5ubuntu2.1
  vim-gui-common                  2:8.1.0875-5ubuntu2.1
  vim-runtime                     2:8.1.0875-5ubuntu2.1

Ubuntu 18.04 LTS:
  vim                             2:8.0.1453-1ubuntu1.3
  vim-common                      2:8.0.1453-1ubuntu1.3
  vim-gui-common                  2:8.0.1453-1ubuntu1.3
  vim-runtime                     2:8.0.1453-1ubuntu1.3

Ubuntu 16.04 LTS:
  vim                             2:7.4.1689-3ubuntu1.4
  vim-common                      2:7.4.1689-3ubuntu1.4
  vim-gui-common                  2:7.4.1689-3ubuntu1.4
  vim-runtime                     2:7.4.1689-3ubuntu1.4

Ubuntu 14.04 ESM:
  vim                             2:7.4.052-1ubuntu3.1+esm1
  vim-common                      2:7.4.052-1ubuntu3.1+esm1
  vim-gui-common                  2:7.4.052-1ubuntu3.1+esm1
  vim-runtime                     2:7.4.052-1ubuntu3.1+esm1

Ubuntu 12.04 ESM:
  vim                             2:7.3.429-2ubuntu2.3
  vim-common                      2:7.3.429-2ubuntu2.3
  vim-gui-common                  2:7.3.429-2ubuntu2.3
  vim-runtime                     2:7.3.429-2ubuntu2.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4309-1

CVE-2017-11109, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350, CVE-2018-20786, CVE-2019-20079

Severity
critical