Ubuntu alert USN-7131-1 (vim)
| From: | Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7131-1] Vim vulnerability | |
| Date: | Wed, 27 Nov 2024 15:40:48 -0330 | |
| Message-ID: | <5d29f47e-7bd7-4ca5-8fc1-a5e9b9a0efb7@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7131-1 November 27, 2024 vim vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Vim could be made to crash if it received specially crafted input. Software Description: - vim: Vi IMproved - enhanced vi editor Details: It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 vim 2:9.1.0496-1ubuntu6.2 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.5 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.21 Ubuntu 20.04 LTS vim 2:8.1.2269-1ubuntu5.29 Ubuntu 18.04 LTS vim 2:8.0.1453-1ubuntu1.13+esm11 Available with Ubuntu Pro Ubuntu 16.04 LTS vim 2:7.4.1689-3ubuntu1.5+esm26 Available with Ubuntu Pro Ubuntu 14.04 LTS vim 2:7.4.052-1ubuntu3.1+esm20 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7131-1 CVE-2024-47814 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.1.0496-1ubun... https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubun... https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubun... https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubun...
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmdHbrkFAwAAAAAACgkQyfW2m9Ldu6tz VBAAgaTZng9vqiqd00Nmc1Ptp36ZizdIjrdH2WDZDHltwk+OlplMMrtxRo6GvxASeoluj8mUza41 iNhUTGfuraT3ni5dNYp7Q7qaXKPpUMjvdwES39aU/gABJLTV5b0QrtWn/cQdH6PC5sXd1cfpPa1g 2TYSw8POSYwGIlE+7KMV3XeqqdReXrKbie6X0vyExFT0he//SZUEJBDL/6uF5D+/4StglcSnFCaU FkfufF3r5a6pSfPYEK5F+k+jb29uNkikS6K+cP/k38y6ucAGYwPVicDTLEH5RvqUEj2MEC/iXJBH JNpn35e9UFutewjL98SLX34VH70mKqQGm703odZJ4bLEUDwQXQIhw+p4EVeZHD8a4w2ct0psqZVl /CcZflDoikz9dIwYlTz/74tctjJsT7otJoXyqYEiUxsK7ZiQim0UTGoOy1+0OXdmUGdp8FWnWRr2 TAoNPYmG8xKHxB0H4S/DNzaHW+v9MxF4rb97GDjW6Z96K4nTsR+HmhPUkPYVAnMW0iviFQiRV5lP oPiQCmQ/EW5syrrb2rTClZC/0NRKsVMXzfva3LOjY6XLu+8WbGOTFQrcFCD9pLcgH8XK4aUXgkp+ biLVjRZ6a320bx/4CAwRt9CCPCNGJTuhQHbgoIlwxWp+FyJFIPm1mQuTxZAnpUAUtMrk8tbAs43e Ljw= =BEaE -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)