Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Ubuntu 21.04-21.10 USN-5147-1 Critical: Vim Memory Flaws Exploited

ubuntu
Calendar Grey November 15, 2021
Dist Ubuntu Esm H88
Patches to enhance security in Vim on Ubuntu, focusing on vulnerabilities related to remote code execution and memory corruption.
Several security issues were fixed in Vim.

Summary

Several security issues were fixed in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled permissions on the .swp

file. A local attacker could possibly use this issue to obtain sensitive

information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)

It was discovered that Vim incorrectly handled restricted mode. A local

attacker could possibly use this issue to bypass restricted mode and

execute arbitrary commands. Note: This update only makes executing shell

commands more difficult. Restricted mode should not be considered a

complete security measure. This issue only affected Ubuntu 14.04 ESM.

(CVE-2019-20807)

Brian Carpenter discovered that vim incorrectly handled memory

when opening certain files. If a user was tricked into opening

a specially crafted file, a remote attacker could crash the

application, leading to a denial of service, or possible execute

arbitrary code with user privileges. Thi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  vim                             2:8.2.2434-3ubuntu3.1

Ubuntu 21.04:
  vim                             2:8.2.2434-1ubuntu1.2

Ubuntu 20.04 LTS:
  vim                             2:8.1.2269-1ubuntu5.4

Ubuntu 18.04 LTS:
  vim                             2:8.0.1453-1ubuntu1.7

Ubuntu 16.04 ESM:
  vim                             2:7.4.1689-3ubuntu1.5+esm3

Ubuntu 14.04 ESM:
  vim                             2:7.4.052-1ubuntu3.1+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5147-1

CVE-2017-17087, CVE-2019-20807, CVE-2021-3872, CVE-2021-3903,

CVE-2021-3927, CVE-2021-3928

Severity
critical
Lowest
Low
Medium
High
Critical

November 15, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.