Ubuntu alert USN-8304-1 (vim)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8304-1] Vim vulnerabilities | |
| Date: | Mon, 25 May 2026 20:36:52 +0000 | |
| Message-ID: | <E1wRc2e-00081V-6z@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8304-1 May 25, 2026 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: Joshua Rogers discovered that Vim incorrectly handled certain URL schemes in the netrw plugin. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-42307) It was discovered that Vim incorrectly handled command-line completion for the :find command. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-44656) Daniel Cervera discovered that Vim incorrectly handled loading spell files. An attacker could possibly use this issue to cause a denial of service, or to execute arbitrary code. (CVE-2026-45130) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS vim 2:9.1.2141-1ubuntu4.2 vim-common 2:9.1.2141-1ubuntu4.2 vim-gtk3 2:9.1.2141-1ubuntu4.2 vim-gui-common 2:9.1.2141-1ubuntu4.2 vim-motif 2:9.1.2141-1ubuntu4.2 vim-nox 2:9.1.2141-1ubuntu4.2 vim-runtime 2:9.1.2141-1ubuntu4.2 vim-tiny 2:9.1.2141-1ubuntu4.2 Ubuntu 25.10 vim 2:9.1.0967-1ubuntu6.5 vim-athena 2:9.1.0967-1ubuntu6.5 vim-common 2:9.1.0967-1ubuntu6.5 vim-gtk3 2:9.1.0967-1ubuntu6.5 vim-gui-common 2:9.1.0967-1ubuntu6.5 vim-motif 2:9.1.0967-1ubuntu6.5 vim-nox 2:9.1.0967-1ubuntu6.5 vim-runtime 2:9.1.0967-1ubuntu6.5 vim-tiny 2:9.1.0967-1ubuntu6.5 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.14 vim-athena 2:9.1.0016-1ubuntu7.14 vim-common 2:9.1.0016-1ubuntu7.14 vim-gtk3 2:9.1.0016-1ubuntu7.14 vim-gui-common 2:9.1.0016-1ubuntu7.14 vim-motif 2:9.1.0016-1ubuntu7.14 vim-nox 2:9.1.0016-1ubuntu7.14 vim-runtime 2:9.1.0016-1ubuntu7.14 vim-tiny 2:9.1.0016-1ubuntu7.14 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.30 vim-athena 2:8.2.3995-1ubuntu2.30 vim-common 2:8.2.3995-1ubuntu2.30 vim-gtk 2:8.2.3995-1ubuntu2.30 vim-gtk3 2:8.2.3995-1ubuntu2.30 vim-gui-common 2:8.2.3995-1ubuntu2.30 vim-nox 2:8.2.3995-1ubuntu2.30 vim-runtime 2:8.2.3995-1ubuntu2.30 vim-tiny 2:8.2.3995-1ubuntu2.30 Ubuntu 20.04 LTS vim 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-athena 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-common 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-gtk 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-gtk3 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-gui-common 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-nox 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-runtime 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro vim-tiny 2:8.1.2269-1ubuntu5.32+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS vim 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-athena 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-common 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-gnome 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-gtk 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-gtk3 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-gui-common 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-nox 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-runtime 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro vim-tiny 2:8.0.1453-1ubuntu1.13+esm17 Available with Ubuntu Pro Ubuntu 16.04 LTS vim 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-athena 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-common 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gnome 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gtk 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gtk3 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-gui-common 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-nox 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-runtime 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro vim-tiny 2:7.4.1689-3ubuntu1.5+esm32 Available with Ubuntu Pro Ubuntu 14.04 LTS vim 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-athena 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-common 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-gnome 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-gtk 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-gui-common 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-lesstif 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-nox 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-runtime 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro vim-tiny 2:7.4.052-1ubuntu3.1+esm26 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8304-1 CVE-2026-42307, CVE-2026-44656, CVE-2026-45130 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.1.2141-1ubun... https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubun... https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubun... https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoUsl4ACgkQcpJm3tlz hgE6kw/9GbkX+uF6ypU/SAKSLoscDaIKfa7SOSSY/jYx4BDybODcoViflc79vrzo 99VubuFXhwI4n6TAicOtC5wPPyTgqAY+Sqs3jwVEpr2Mo3MSijIin+d8vb+PY89s Ur1qeylDNwE7eEjSL+qx0Pi7lMdv+S8I2fcaRswMFVZsS4wVUgQy0l/R6dZMQpNb VahhcsrR+MEtytVNGVKX8v24KjQl2HGtvNvx1uzMr0F4UqHsPm8ammmyTtmJrvzL uwX16Gp2CXOGUy6XmiT50I3u/8uDKjxTq7s+t3ytaZp2AbsWplFOn7wwQDAz4wjN Y1gQoBwh2MLSpfU2LgsL5uEXr1PFd+0xvSShq/+xJdb+ybTFVw0B8fl40hHyr9xG gWvx1LfP/vRLnul+PMhz1U+vuu+il7YviAXAHpQaG0eTwokZxtAibGIAfz19N7xZ VCuKTx6d38ibzyCMKyuNuYak4xe+IJbENKYVIhnXBDLWIcRoLB+49MoKi/Ztveob XY29mFzU+AE+AUuEM9ZzYZ/++xV22j5ya09Q4oFgBdwZZ09kxFZDgvxIuoJrKgX1 n5iMW21OG1m3mhUnzREOzgANaKqsOntes64sFGg0Xt0g1BQzZrHyMvVWNyPeWEZR 4W/gxXmZxCe5qrNgMD+7Jdbm7aYoO0YnkUkU8wH3FwQgqIOY5jo= =hWd7 -----END PGP SIGNATURE-----