Ubuntu alert USN-8213-1 (vim)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8213-1] Vim vulnerabilities | |
| Date: | Tue, 28 Apr 2026 00:19:13 +0000 | |
| Message-ID: | <E1wHWAT-0007Rs-Vl@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8213-1 April 27, 2026 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: MichaĆ Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-39881) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 vim 2:9.1.0967-1ubuntu6.3 vim-athena 2:9.1.0967-1ubuntu6.3 vim-common 2:9.1.0967-1ubuntu6.3 vim-gtk3 2:9.1.0967-1ubuntu6.3 vim-gui-common 2:9.1.0967-1ubuntu6.3 vim-motif 2:9.1.0967-1ubuntu6.3 vim-nox 2:9.1.0967-1ubuntu6.3 vim-runtime 2:9.1.0967-1ubuntu6.3 vim-tiny 2:9.1.0967-1ubuntu6.3 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.12 vim-athena 2:9.1.0016-1ubuntu7.12 vim-common 2:9.1.0016-1ubuntu7.12 vim-gtk3 2:9.1.0016-1ubuntu7.12 vim-gui-common 2:9.1.0016-1ubuntu7.12 vim-motif 2:9.1.0016-1ubuntu7.12 vim-nox 2:9.1.0016-1ubuntu7.12 vim-runtime 2:9.1.0016-1ubuntu7.12 vim-tiny 2:9.1.0016-1ubuntu7.12 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.28 vim-athena 2:8.2.3995-1ubuntu2.28 vim-common 2:8.2.3995-1ubuntu2.28 vim-gtk 2:8.2.3995-1ubuntu2.28 vim-gtk3 2:8.2.3995-1ubuntu2.28 vim-gui-common 2:8.2.3995-1ubuntu2.28 vim-nox 2:8.2.3995-1ubuntu2.28 vim-runtime 2:8.2.3995-1ubuntu2.28 vim-tiny 2:8.2.3995-1ubuntu2.28 Ubuntu 20.04 LTS vim 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-athena 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-common 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-gtk 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-gtk3 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-gui-common 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-nox 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-runtime 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro vim-tiny 2:8.1.2269-1ubuntu5.32+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS vim 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-athena 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-common 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-gnome 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-gtk 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-gtk3 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-gui-common 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-nox 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-runtime 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro vim-tiny 2:8.0.1453-1ubuntu1.13+esm16 Available with Ubuntu Pro Ubuntu 16.04 LTS vim 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-athena 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-common 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gnome 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gtk 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gtk3 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-gui-common 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-nox 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-runtime 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro vim-tiny 2:7.4.1689-3ubuntu1.5+esm31 Available with Ubuntu Pro Ubuntu 14.04 LTS vim 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-athena 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-common 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-gnome 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-gtk 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-gui-common 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-lesstif 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-nox 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-runtime 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro vim-tiny 2:7.4.052-1ubuntu3.1+esm25 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8213-1 CVE-2026-35177, CVE-2026-39881 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubun... https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubun... https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnv/BMACgkQcpJm3tlz hgGzMRAAxROllLM3MG5IC/ZtJp9rvW5BJdOQuhYXi9VFxrs0Dyp5B0HzlDcMkV8F IFK5DIsvzePj9VFib4bY9EqQhqp0Qq/KkBRZb7FAmOCqnw2XRSrb/WrygwmyN8wB j0SNvGFbcOqPLwF9tRMMC808BLWGEC0OMGWEJosjerCa9cntwXJaC2PY9THIfZ5w 6u1f+FJp4JSQU64fKEW60pP6kYg2nWWY6CrjkXNrIBtGB+LeNEqcnO+8o2buOjx3 W5QF9S4cTFRRG8cgjKcpvjxiSJCXCYvQcq/mqnMip9/DWA0ODI41hfpI875Ugk7Z wa7yUlGOctCFaySv5NJxVGE/LHYpOWGuv5ybG1uz9CqcGzF8/KkmjsNmlMba385B 2uw0hc5yOzX3+S4cMYQKzThjgs2ZpOWCv8055I/BxhQqOochI2JmvY0CZO8i6Hxw FSjrPVfNx/7TZW0B3zEJA01WXI4RHmImf8UybrrCGee2jIVFQsdueldN9//RwOTA nEXZO4t+Dd7XsEW9DkYYSJMKtRN1JryWaNhRad54SEtnLaRUd0R9wBgnPXIkYrYh lJxRZ+tqnDOGHOKBjL9a5E6vXWaEjq6haf8w/g0qdj2gQFgDAwp92UOz6dEWPtJx U9M9dVtiV8tsny7cIu/zBAr2cXZvVSjiJ3dD2429UFOWVPplWWA= =e3/s -----END PGP SIGNATURE-----