Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu: 4582-1 Moderate: Vim Permissions and Restricted Mode Issues

ubuntu
Calendar Grey October 14, 2020
Dist Ubuntu Esm H88
Several security flaws in Vim have been fixed in the Ubuntu 20.04 and 22.04 LTS releases, addressing information exposure and local exploitation concerns.
Several security issues were fixed in Vim.

Summary

Several security issues were fixed in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled permissions on the .swp

file. A local attacker could possibly use this issue to obtain sensitive

information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087)

It was discovered that Vim incorrectly handled restricted mode. A local

attacker could possibly use this issue to bypass restricted mode and

execute arbitrary commands. Note: This update only makes executing shell

commands more difficult. Restricted mode should not be considered a

complete security measure. (CVE-2019-20807)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  vim                             2:8.0.1453-1ubuntu1.4
  vim-common                      2:8.0.1453-1ubuntu1.4
  vim-runtime                     2:8.0.1453-1ubuntu1.4

Ubuntu 16.04 LTS:
  vim                             2:7.4.1689-3ubuntu1.5
  vim-common                      2:7.4.1689-3ubuntu1.5
  vim-runtime                     2:7.4.1689-3ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4582-1

CVE-2017-17087, CVE-2019-20807

Severity
important
Lowest
Low
Medium
High
Critical

October 14, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.