Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 734
Alerts This Week
Warning Icon 1 734

Ubuntu 16.04 ESM: USN-5460-1 Critical: Vim Buffer Overflows and DoS

ubuntu
Calendar Grey June 6, 2022
Dist Ubuntu Esm H88
The Ubuntu 16.04 Extended Security Maintenance (ESM) addresses vital vulnerabilities discovered in Vim, providing essential patches to avert potential exploits and safeguard user information.
Several security issues were fixed in Vim.

Summary

Several security issues were fixed in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim was incorrectly processing Vim buffers.

An attacker could possibly use this issue to perform illegal memory

access and expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks

for column numbers when replacing tabs with spaces or spaces with

tabs, which could cause a heap buffer overflow. An attacker could

possibly use this issue to cause a denial of service or execute

arbitrary code. (CVE-2022-0572)

It was discovered that Vim was not properly performing validation of

data that contained special multi-byte characters, which could cause

an out-of-bounds read. An attacker could possibly use this issue to

cause a denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to

define indentation in a file, which could cause...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   vim                             2:7.4.1689-3ubuntu1.5+esm6

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5460-1

  CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,

  CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,

  CVE-2022-1620, CVE-2022-1621

Severity
critical
Lowest
Low
Medium
High
Critical

June 06, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.