Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6452-1

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

Packet Storm
#vulnerability#ubuntu#dos#perl

==========================================================================
Ubuntu Security Notice USN-6452-1
October 25, 2023

vim vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Vim.

Software Description:

  • vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04. (CVE-2023-3896)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-4733, CVE-2023-4750)

It was discovered that Vim contained an arithmetic overflow. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2023-4734)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2023-4735, CVE-2023-5344)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu
23.10. (CVE-2023-4738)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04. (CVE-2023-4751)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781)

It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-5441)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
vim 2:9.0.1672-1ubuntu2.1
vim-athena 2:9.0.1672-1ubuntu2.1
vim-gtk3 2:9.0.1672-1ubuntu2.1
vim-nox 2:9.0.1672-1ubuntu2.1
vim-tiny 2:9.0.1672-1ubuntu2.1
xxd 2:9.0.1672-1ubuntu2.1

Ubuntu 23.04:
vim 2:9.0.1000-4ubuntu3.2
vim-athena 2:9.0.1000-4ubuntu3.2
vim-gtk3 2:9.0.1000-4ubuntu3.2
vim-nox 2:9.0.1000-4ubuntu3.2
vim-tiny 2:9.0.1000-4ubuntu3.2
xxd 2:9.0.1000-4ubuntu3.2

Ubuntu 22.04 LTS:
vim 2:8.2.3995-1ubuntu2.13
vim-athena 2:8.2.3995-1ubuntu2.13
vim-gtk 2:8.2.3995-1ubuntu2.13
vim-gtk3 2:8.2.3995-1ubuntu2.13
vim-nox 2:8.2.3995-1ubuntu2.13
vim-tiny 2:8.2.3995-1ubuntu2.13
xxd 2:8.2.3995-1ubuntu2.13

Ubuntu 20.04 LTS:
vim 2:8.1.2269-1ubuntu5.20
vim-athena 2:8.1.2269-1ubuntu5.20
vim-gtk 2:8.1.2269-1ubuntu5.20
vim-gtk3 2:8.1.2269-1ubuntu5.20
vim-nox 2:8.1.2269-1ubuntu5.20
vim-tiny 2:8.1.2269-1ubuntu5.20
xxd 2:8.1.2269-1ubuntu5.20

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
vim 2:8.0.1453-1ubuntu1.13+esm6
vim-athena 2:8.0.1453-1ubuntu1.13+esm6
vim-gtk 2:8.0.1453-1ubuntu1.13+esm6
vim-gtk3 2:8.0.1453-1ubuntu1.13+esm6
vim-nox 2:8.0.1453-1ubuntu1.13+esm6
vim-tiny 2:8.0.1453-1ubuntu1.13+esm6
xxd 2:8.0.1453-1ubuntu1.13+esm6

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
vim 2:7.4.1689-3ubuntu1.5+esm20
vim-athena 2:7.4.1689-3ubuntu1.5+esm20
vim-gtk 2:7.4.1689-3ubuntu1.5+esm20
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm20
vim-nox 2:7.4.1689-3ubuntu1.5+esm20
vim-tiny 2:7.4.1689-3ubuntu1.5+esm20

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
vim 2:7.4.052-1ubuntu3.1+esm14
vim-athena 2:7.4.052-1ubuntu3.1+esm14
vim-gtk 2:7.4.052-1ubuntu3.1+esm14
vim-nox 2:7.4.052-1ubuntu3.1+esm14
vim-tiny 2:7.4.052-1ubuntu3.1+esm14

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6452-1
CVE-2023-3896, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735,
CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752,
CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535

Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.1
https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.2
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.13
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.20

Related news

Apple Security Advisory 12-11-2023-6

Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-5

Apple Security Advisory 12-11-2023-5 - macOS Ventura 13.6.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-4

Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.

CVE-2023-42926: About the security content of macOS Sonoma 14.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42932: About the security content of macOS Ventura 13.6.3

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-5441

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-4781

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4750: heap-use-after-free in function bt_quickfix in vim

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

CVE-2023-4751

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

CVE-2023-4735

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4734: patch 9.0.1846: [security] crash in fullcommand · vim/vim@4c6fe2e

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Packet Storm: Latest News

Zeek 6.0.9