Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in Vim.. ========================================================================== Ubuntu Security Notice USN-8541-1 July 14, 2026 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: Hirohito Higashi discovered that Vim incorrectly escaped class or trait names when performing PHP omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted PHP file and executing arbitrary commands. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856) Hirohito Higashi discovered that Vim incorrectly handled sound-folding of certain words when using a spell file. An attacker could possibly use this issue to cause Vim to crash, resulting in a denial of service. (CVE-2026-59857) It was discovered that Vim incorrectly escaped certain tags file fields when performing C omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted file and executing arbitrary commands. (CVE-2026-59858) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS vim 2:9.1.2141-1ubuntu4.7 vim-common 2:9.1.2141-1ubuntu4.7 vim-gtk3 2:9.1.2141-1ubuntu4.7 vim-gui-common 2:9.1.2141-1ubuntu4.7 vim-motif 2:9.1.2141-1ubuntu4.7 vim-nox 2:9.1.2141-1ubuntu4.7 vim-runtime 2:9.1.2141-1ubuntu4.7 vim-tiny 2:9.1.2141-1ubuntu4.7 xxd 2:9.1.2141-1ubuntu4.7 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.18 vim-athena 2:9.1.0016-1ubuntu7.18 vim-common 2:9.1.0016-1ubuntu7.18 vim-gtk3 2:9.1.0016-1ubuntu7.18 vim-gui-common 2:9.1.0016-1ubuntu7.18 vim-motif 2:9.1.0016-1ubuntu7.18 vim-nox 2:9.1.0016-1ubuntu7.18 vim-runtime 2:9.1.0016-1ubuntu7.18 vim-tiny 2:9.1.0016-1ubuntu7.18 xxd 2:9.1.0016-1ubuntu7.18 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.34 vim-athena 2:8.2.3995-1ubuntu2.34 vim-common 2:8.2.3995-1ubuntu2.34 vim-gtk 2:8.2.3995-1ubuntu2.34 vim-gtk3 2:8.2.3995-1ubuntu2.34 vim-gui-common 2:8.2.3995-1ubuntu2.34 vim-nox 2:8.2.3995-1ubuntu2.34 vim-runtime 2:8.2.3995-1ubuntu2.34 vim-tiny 2:8.2.3995-1ubuntu2.34 xxd 2:8.2.3995-1ubuntu2.34 Ubuntu 20.04 LTS vim 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-athena 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-common 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-gtk 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-gtk3 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-gui-common 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-nox 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-runtime 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro vim-tiny 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro xxd 2:8.1.2269-1ubuntu5.32+esm10 Available with Ubuntu Pro Ubuntu 18.04 LTS vim 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-athena 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-common 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-gnome 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-gtk 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-gtk3 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-gui-common 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-nox 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-runtime 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro vim-tiny 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro xxd 2:8.0.1453-1ubuntu1.13+esm22 Available with Ubuntu Pro Ubuntu 16.04 LTS vim 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-athena 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-common 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gnome 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gtk 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gtk3 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-gui-common 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-nox 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-runtime 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro vim-tiny 2:7.4.1689-3ubuntu1.5+esm37 Available with Ubuntu Pro Ubuntu 14.04 LTS vim 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-athena 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-common 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-gnome 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-gtk 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-gui-common 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-lesstif 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-nox 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-runtime 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro vim-tiny 2:7.4.052-1ubuntu3.1+esm31 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8541-1 CVE-2026-59856, CVE-2026-59857, CVE-2026-59858 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.1.2141-1ubuntu4.7 https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.18 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.34 . Security issues in Vim were addressed in Ubuntu updates, ensuring user protection from command execution risks.. Ubuntu updates,Vim security issues,Patch management. . Severity: Important. LinuxSecurity.com Team
A flaw was discovered in libconfig-inifiles-perl, a Perl module to read .ini-style configuration files, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted file names. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4637-1
Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in privilege escalation or the execution of arbitrary commands. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.2-5+deb12u4.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6188-1
Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in denial of service or the execution of arbitrary commands. For the stable distribution (trixie), these problems have been fixed in version 6.0.4-2+deb13u5.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6184-1
An update that solves three vulnerabilities can now be installed.. # Security update for vim Announcement ID: SUSE-SU-2026:0910-1 Release Date: 2026-03-17T19:34:41Z Rating: moderate References: * bsc#1246602 * bsc#1258229 * bsc#1259051 Cross-References: * CVE-2025-53906 * CVE-2026-26269 * CVE-2026-28417 CVSS scores: * CVE-2025-53906 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L * CVE-2025-53906 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L * CVE-2025-53906 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L * CVE-2026-26269 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-26269 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26269 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-28417 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28417 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-28417 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-28417 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update thatsolves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Update Vim to version 9.2.0110: * CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). * CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229). * CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-910=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-910=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-910=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-910=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-910=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-910=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-910=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-910=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-910=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-910=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-910=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 *gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * openSUSE Leap 15.6 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * Basesystem Module 15-SP7 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debugsource-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 *vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * vim-debugsource-9.2.0110-150500.20.43.1 * vim-small-9.2.0110-150500.20.43.1 * gvim-9.2.0110-150500.20.43.1 * vim-debuginfo-9.2.0110-150500.20.43.1 * vim-9.2.0110-150500.20.43.1 * gvim-debuginfo-9.2.0110-150500.20.43.1 * vim-small-debuginfo-9.2.0110-150500.20.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * vim-data-9.2.0110-150500.20.43.1 * vim-data-common-9.2.0110-150500.20.43.1 ## References: * https://www.suse.com/security/cve/CVE-2025-53906.html * https://www.suse.com/security/cve/CVE-2026-26269.html * https://www.suse.com/security/cve/CVE-2026-28417.html * https://bugzilla.suse.com/show_bug.cgi?id=1246602 * https://bugzilla.suse.com/show_bug.cgi?id=1258229 * https://bugzilla.suse.com/show_bug.cgi?id=1259051 . Critical update for SUSE vim addresses three security flaws preventing potential exploitation.. SUSE Security Update, vim Issues, Linux Patch Management, Moderate Severity Vulnerabilities. . LinuxSecurity.com Team
Zutty could be made to execute arbitrary commands.. ========================================================================== Ubuntu Security Notice USN-8078-1 March 05, 2026 zutty vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Zutty could be made to execute arbitrary commands. Software Description: - zutty: X terminal emulator Details: Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS zutty 0.11.2.20220109.192032+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8078-1 CVE-2022-41138 . Zutty vulnerability allows arbitrary commands execution on Ubuntu 22.04 LTS. Update instructions included for security.. Ubuntu Zutty security update, arbitrary command execution, Linux terminal vulnerability. . Severity: Important. LinuxSecurity.com Team
less could be made to crash or run arbitrary commands if it received crafted input.. ========================================================================== Ubuntu Security Notice USN-8079-1 March 05, 2026 less vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: less could be made to crash or run arbitrary commands if it received crafted input. Software Description: - less: pager program similar to more Details: It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS less 458-2ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8079-1 CVE-2022-48624 . Update your Ubuntu 14.04 LTS to fix less command vulnerability causing potential crashing and arbitrary command execution.. Ubuntu Security Notice, less command vulnerability, Denial of Service Ubuntu. . Severity: Important. LinuxSecurity.com Team
USN-5376-1 introduced a regression in Git. ========================================================================== Ubuntu Security Notice USN-5376-6 March 02, 2026 git regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-5376-1 introduced a regression in Git Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: \u4fde\u6668\u4e1c discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS git 1:2.17.1-1ubuntu0.18+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-6 https://ubuntu.com/security/notices/USN-5376-5 https://ubuntu.com/security/notices/USN-5376-4 https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-2 https://ubuntu.com/security/notices/USN-5376-1 https://launchpad.net/bugs/2142239 . A regression in Git for Ubuntu 18.04 LTS allows potential arbitrary commands. Immediate updates recommended.. Git Security Update, Ubuntu 18-04 LTS Security, Git Regression Fix, Ubuntu Repositories Update. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.