USN-5723-1: Vim vulnerabilities
14 November 2022
Several security issues were fixed in Vim.
Releases
Packages
- vim - Vi IMproved - enhanced vi editor
Details
It was discovered that Vim could be made to crash when searching specially
crafted patterns. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An
attacker could possibly use this to crash Vim and cause denial of service.
(CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. An attacker could possibly use this
to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. An attacker could possibly use this to
crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's
spelldump. An attacker could possibly use this to crash Vim and cause
denial of service. (CVE-2022-2304)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
vim-nox-py2
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gnome
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-athena-py2
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-athena
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gtk
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gtk3-py2
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gtk-py2
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-tiny
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gnome-py2
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-gtk3
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
-
vim-nox
-
2:7.4.1689-3ubuntu1.5+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5995-1: vim-gui-common, vim-gtk3, vim-common, vim-doc, vim-gtk, vim-runtime, vim-lesstif, vim, vim-tiny, vim-nox, xxd, vim-gnome, vim-athena, vim-motif
- USN-6557-1: vim-nox-py2, xxd, vim-gtk3-py2, vim-gtk-py2, vim-lesstif, vim-athena, vim-gtk3, vim-common, vim-gnome-py2, vim-gtk, vim-runtime, vim-tiny, vim-motif, vim-gui-common, vim-doc, vim, vim-nox, vim-athena-py2, vim-gnome