Packages
- vim - Vi IMproved - enhanced vi editor
Details
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)
It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. This issue only affected Ubuntu 14.04 ESM.
(CVE-2019-20807)
Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with...
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)
It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. This issue only affected Ubuntu 14.04 ESM.
(CVE-2019-20807)
Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872)
It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3903)
It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3927)
It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3928)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 21.10 impish | vim – 2:8.2.2434-3ubuntu3.1 | ||
| 21.04 hirsute | vim – 2:8.2.2434-1ubuntu1.2 | ||
| 20.04 focal | vim – 2:8.1.2269-1ubuntu5.4 | ||
| 18.04 bionic | vim – 2:8.0.1453-1ubuntu1.7 | ||
| 16.04 xenial | vim – 2:7.4.1689-3ubuntu1.5+esm3 | ||
| 14.04 trusty | vim – 2:7.4.052-1ubuntu3.1+esm4 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.