USN-5801-1

Source

https://ubuntu.com/security/notices/USN-5801-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5801-1.json

Related

Published

2023-01-12T21:31:55.931099Z

Modified

2023-01-12T21:31:55.931099Z

Details

It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04 (CVE-2022-0392)

It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-0417)

References

Affected packages

Ubuntu:22.04:LTS / vim

Package

Name: vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:8.2.3995-1ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "vim-doc": "2:8.2.3995-1ubuntu2.3",
            "vim-athena": "2:8.2.3995-1ubuntu2.3",
            "vim-gui-common": "2:8.2.3995-1ubuntu2.3",
            "vim": "2:8.2.3995-1ubuntu2.3",
            "vim-tiny": "2:8.2.3995-1ubuntu2.3",
            "vim-common": "2:8.2.3995-1ubuntu2.3",
            "vim-runtime": "2:8.2.3995-1ubuntu2.3",
            "vim-gtk3": "2:8.2.3995-1ubuntu2.3",
            "vim-gtk": "2:8.2.3995-1ubuntu2.3",
            "xxd": "2:8.2.3995-1ubuntu2.3",
            "vim-nox": "2:8.2.3995-1ubuntu2.3"
        }
    ]
}

Ubuntu:20.04:LTS / vim

Package

Name: vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:8.1.2269-1ubuntu5.11

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "vim-doc": "2:8.1.2269-1ubuntu5.11",
            "vim-athena": "2:8.1.2269-1ubuntu5.11",
            "vim-gui-common": "2:8.1.2269-1ubuntu5.11",
            "vim": "2:8.1.2269-1ubuntu5.11",
            "vim-tiny": "2:8.1.2269-1ubuntu5.11",
            "vim-common": "2:8.1.2269-1ubuntu5.11",
            "vim-runtime": "2:8.1.2269-1ubuntu5.11",
            "vim-gtk3": "2:8.1.2269-1ubuntu5.11",
            "vim-gtk": "2:8.1.2269-1ubuntu5.11",
            "xxd": "2:8.1.2269-1ubuntu5.11",
            "vim-nox": "2:8.1.2269-1ubuntu5.11"
        }
    ]
}

Ubuntu:18.04:LTS / vim

Package

Name: vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:8.0.1453-1ubuntu1.10

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "vim-doc": "2:8.0.1453-1ubuntu1.10",
            "vim-athena": "2:8.0.1453-1ubuntu1.10",
            "vim-gnome": "2:8.0.1453-1ubuntu1.10",
            "vim-gui-common": "2:8.0.1453-1ubuntu1.10",
            "vim": "2:8.0.1453-1ubuntu1.10",
            "vim-tiny": "2:8.0.1453-1ubuntu1.10",
            "vim-common": "2:8.0.1453-1ubuntu1.10",
            "vim-runtime": "2:8.0.1453-1ubuntu1.10",
            "vim-gtk3": "2:8.0.1453-1ubuntu1.10",
            "vim-gtk": "2:8.0.1453-1ubuntu1.10",
            "xxd": "2:8.0.1453-1ubuntu1.10",
            "vim-nox": "2:8.0.1453-1ubuntu1.10"
        }
    ]
}