USN-5093-1: Vim vulnerabilities

28 September 2021

Several security issues were fixed in Vim.

Releases

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3770)

Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2021-3778)

Dhiraj Mishra discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2021-3796)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.