==========================================================================
\nUbuntu Security Notice USN-5460-1
\nJune 06, 2022<\/p>\n
vim vulnerabilities
\n==========================================================================<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
– Ubuntu 16.04 ESM<\/p>\n
Summary:<\/p>\n
Several security issues were fixed in Vim.<\/p>\n
Software Description:
\n– vim: Vi IMproved – enhanced vi editor<\/p>\n
Details:<\/p>\n
It was discovered that Vim was incorrectly processing Vim buffers.
\nAn attacker could possibly use this issue to perform illegal memory
\naccess and expose sensitive information. (CVE-2022-0554)<\/p>\n
It was discovered that Vim was not properly performing bounds checks
\nfor column numbers when replacing tabs with spaces or spaces with
\ntabs, which could cause a heap buffer overflow. An attacker could
\npossibly use this issue to cause a denial of service or execute
\narbitrary code. (CVE-2022-0572)<\/p>\n
It was discovered that Vim was not properly performing validation of
\ndata that contained special multi-byte characters, which could cause
\nan out-of-bounds read. An attacker could possibly use this issue to
\ncause a denial of service. (CVE-2022-0685)<\/p>\n
It was discovered that Vim was incorrectly processing data used to
\ndefine indentation in a file, which could cause a heap buffer
\noverflow. An attacker could possibly use this issue to cause a denial
\nof service. (CVE-2022-0714)<\/p>\n
It was discovered that Vim was incorrectly processing certain regular
\nexpression patterns and strings, which could cause an out-of-bounds
\nread. An attacker could possibly use this issue to cause a denial of
\nservice. (CVE-2022-0729)<\/p>\n
It was discovered that Vim was not properly performing bounds checks
\nwhen executing spell suggestion commands, which could cause a heap
\nbuffer overflow. An attacker could possibly use this issue to cause a
\ndenial of service or execute arbitrary code. (CVE-2022-0943)<\/p>\n
It was discovered that Vim was incorrectly performing bounds checks
\nwhen processing invalid commands with composing characters in Ex
\nmode, which could cause a buffer overflow. An attacker could possibly
\nuse this issue to cause a denial of service or execute arbitrary
\ncode. (CVE-2022-1616)<\/p>\n
It was discovered that Vim was not properly processing latin1 data
\nwhen issuing Ex commands, which could cause a heap buffer overflow.
\nAn attacker could possibly use this issue to cause a denial of
\nservice or execute arbitrary code. (CVE-2022-1619)<\/p>\n
It was discovered that Vim was not properly performing memory
\nmanagement when dealing with invalid regular expression patterns in
\nbuffers, which could cause a NULL pointer dereference. An attacker
\ncould possibly use this issue to cause a denial of service.
\n(CVE-2022-1620)<\/p>\n
It was discovered that Vim was not properly processing invalid bytes
\nwhen performing spell check operations, which could cause a heap
\nbuffer overflow. An attacker could possibly use this issue to cause a
\ndenial of service or execute arbitrary code. (CVE-2022-1621)<\/p>\n
Update instructions:<\/p>\n
The problem can be corrected by updating your system to the following
\npackage versions:<\/p>\n
Ubuntu 16.04 ESM:
\nvim 2:7.4.1689-3ubuntu1.5+esm6<\/p>\n
In general, a standard system update will make all the necessary changes.<\/p>\n
References:
\nhttps:\/\/ubuntu.com\/security\/notices\/USN-5460-1
\nCVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,
\nCVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,
\nCVE-2022-1620, CVE-2022-1621<\/p>\n","protected":false},"excerpt":{"rendered":"
========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 16.04 ESM Summary: Several security issues were fixed in Vim. Software Description: – vim: Vi IMproved – enhanced vi editor Details: It was discovered that Vim was incorrectly processing Vim buffers. …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-25554","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25554"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25554\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}