Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 20.04 LTS USN-5613-2: Moderate Vim Regression Fixed

ubuntu
Calendar Grey September 19, 2022
Dist Ubuntu Esm H88
Ubuntu addressed a minor issue in Vim related to USN-5613-1 on September 19, 2022, affecting Ubuntu 20.04 LTS and its derivatives.
USN-5613-1 caused a regression in Vim.

Summary

USN-5613-1 caused a regression in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed

to include binary packages for some architectures. This update fixes that

regression.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Vim was not properly performing bounds checks

when executing spell suggestion commands. An attacker could possibly use

this issue to cause a denial of service or execute arbitrary code.

(CVE-2022-0943)

It was discovered that Vim was using freed memory when dealing with

regular expressions through its old regular expression engine. If a user

were tricked into opening a specially crafted file, an attacker could

crash the application, leading to a denial of service, or possibly achieve

code execution. (CVE-2022-1154)

It was discovered that Vim was not properly performing checks on name of

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  vim                             2:8.1.2269-1ubuntu5.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5613-2

https://ubuntu.com/security/notices/USN-5613-1

CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616,

CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, https://bugs.launchpad.net/ubuntu/+source/vim/+bug/1989973

September 19, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.