Headline
Ubuntu Security Notice USN-5458-1
Ubuntu Security Notice 5458-1 - It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5458-1June 02, 2022vim vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Several security issues were fixed in Vim.Software Description:- vim: Vi IMproved - enhanced vi editorDetails:It was discovered that Vim was incorrectly handling virtual columnposition operations, which could result in an out-of-bounds read. Anattacker could possibly use this issue to expose sensitiveinformation. (CVE-2021-4193)It was discovered that Vim was not properly performing bounds checkswhen updating windows present on a screen, which could result in aheap buffer overflow. An attacker could possibly use this issue tocause a denial of service or execute arbitrary code. (CVE-2022-0213)It was discovered that Vim was incorrectly handling windowexchanging operations when in Visual mode, which could result in anout-of-bounds read. An attacker could possibly use this issue toexpose sensitive information. (CVE-2022-0319)It was discovered that Vim was incorrectly handling recursion whenparsing conditional expressions. An attacker could possibly use thisissue to cause a denial of service or execute arbitrary code.(CVE-2022-0351)It was discovered that Vim was not properly handling memoryallocation when processing data in Ex mode, which could result in aheap buffer overflow. An attacker could possibly use this issue tocause a denial of service or execute arbitrary code.(CVE-2022-0359)It was discovered that Vim was not properly performing bounds checkswhen executing line operations in Visual mode, which could result ina heap buffer overflow. An attacker could possibly use this issue tocause a denial of service or execute arbitrary code.(CVE-2022-0361, CVE-2022-0368)It was discovered that Vim was not properly handling loop conditionswhen looking for spell suggestions, which could result in a stackbuffer overflow. An attacker could possibly use this issue to causea denial of service or execute arbitrary code. (CVE-2022-0408)It was discovered that Vim was incorrectly handling memory accesswhen executing buffer operations, which could result in the usage offreed memory. An attacker could possibly use this issue to executearbitrary code. (CVE-2022-0443)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm5In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5458-1 CVE-2021-4193, CVE-2022-0213, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443
Related news
Ubuntu Security Notice 6026-1 - It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.
Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
Use After Free in GitHub repository vim/vim prior to 8.2.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Read in vim/vim prior to 8.2.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Out-of-bounds Read