Ubuntu alert USN-8171-1 (vim)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8171-1] Vim vulnerabilities | |
| Date: | Tue, 14 Apr 2026 00:55:38 +0000 | |
| Message-ID: | <E1wCS42-0006b1-Dx@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8171-1 April 13, 2026 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: Nathan Mills discovered that Vim could crash when parsing certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10 (CVE-2026-32249) It was discovered that Vim did not properly sanitize user input. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-33412) Avishay Matayev discovered that Vim's modeline sandbox could be bypassed when opening a maliciously-crafted file. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34982) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 vim 2:9.1.0967-1ubuntu6.2 vim-athena 2:9.1.0967-1ubuntu6.2 vim-common 2:9.1.0967-1ubuntu6.2 vim-gtk3 2:9.1.0967-1ubuntu6.2 vim-gui-common 2:9.1.0967-1ubuntu6.2 vim-motif 2:9.1.0967-1ubuntu6.2 vim-nox 2:9.1.0967-1ubuntu6.2 vim-runtime 2:9.1.0967-1ubuntu6.2 vim-tiny 2:9.1.0967-1ubuntu6.2 xxd 2:9.1.0967-1ubuntu6.2 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.11 vim-athena 2:9.1.0016-1ubuntu7.11 vim-common 2:9.1.0016-1ubuntu7.11 vim-gtk3 2:9.1.0016-1ubuntu7.11 vim-gui-common 2:9.1.0016-1ubuntu7.11 vim-motif 2:9.1.0016-1ubuntu7.11 vim-nox 2:9.1.0016-1ubuntu7.11 vim-runtime 2:9.1.0016-1ubuntu7.11 vim-tiny 2:9.1.0016-1ubuntu7.11 xxd 2:9.1.0016-1ubuntu7.11 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.27 vim-athena 2:8.2.3995-1ubuntu2.27 vim-common 2:8.2.3995-1ubuntu2.27 vim-gtk 2:8.2.3995-1ubuntu2.27 vim-gtk3 2:8.2.3995-1ubuntu2.27 vim-gui-common 2:8.2.3995-1ubuntu2.27 vim-nox 2:8.2.3995-1ubuntu2.27 vim-runtime 2:8.2.3995-1ubuntu2.27 vim-tiny 2:8.2.3995-1ubuntu2.27 xxd 2:8.2.3995-1ubuntu2.27 Ubuntu 20.04 LTS vim 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-athena 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-common 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-gtk 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-gtk3 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-gui-common 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-nox 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-runtime 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro vim-tiny 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro xxd 2:8.1.2269-1ubuntu5.32+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS vim 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-athena 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-common 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-gnome 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-gtk 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-gtk3 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-gui-common 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-nox 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-runtime 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro vim-tiny 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro xxd 2:8.0.1453-1ubuntu1.13+esm15 Available with Ubuntu Pro Ubuntu 16.04 LTS vim 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-athena 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-common 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gnome 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gtk 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gtk3 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-gui-common 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-nox 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-runtime 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro vim-tiny 2:7.4.1689-3ubuntu1.5+esm30 Available with Ubuntu Pro Ubuntu 14.04 LTS vim 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-athena 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-common 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-gnome 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-gtk 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-gui-common 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-lesstif 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-nox 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-runtime 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro vim-tiny 2:7.4.052-1ubuntu3.1+esm24 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8171-1 CVE-2026-32249, CVE-2026-33412, CVE-2026-34982 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubun... https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubun... https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmndgz8ACgkQcpJm3tlz hgGkiA/9GuhdfuTHo+idOSuW48xhAfEPfIpo75IqmZCMLJfOfWeg5O7PyZneLD7z CB3qV9IQQDBKxTSaBFf/sGIgzI8G35sHlpkRiwVswQFFI3mu6g51mmrO9glZtSxf UAMVpl5Uk3bntoVxNP4Gcj1WEndQ3TRbfHpS+Od/mIOeeGn9Blwzynfa0uPM/OeJ jYrkv/UtsfXlNrOpTXcz8wwoTMPgzMkCGYFOUGNK6ZZqTg3NUJEA9qlOHGf/6LIc T9ci3Genqqa+Nk5cEDM+s2uK51BP7wSUy+OdyrIulGUybLTPe+tMR909LBGVrp30 s1vyT4POWx9Xi9iK0qA9hx0G4wKisj+c4dW2u+3kZogKk9kY9Zq1N7GTYaNkeMqD TSe4tHbyp+6QakYOpcuQs4iRPfgURBpa52RS6GK966jm2SDCvGBXXPPbvVNM9lMB x64+PODx5ePmy7DJ/vOg8QyBXb7ZMX1OfKM45sVDDnS/9eIhXY6k8Sb6KDsL6KHt nCVetvEp23+m2YTPXjs5TODE0DFg/alJqbA3jHFEAlzgo2Z/d/RzpXdUbuqB8Qiv MEKpOBDaCc4Jvu9rTmA0qsVNHFmBbmsRuK/yIlVnO7ZuQOJwh5COC+mjqyI0Cjy5 vU+51TNHkPRkvOXzZsLcmQQuZzEt7+z14tjiXOO/+gQQ9z72UtU= =vAQW -----END PGP SIGNATURE-----