UbuntuUpdates.org

Package "vim-nox"

Name: vim-nox

Description:

Vi IMproved - enhanced vi editor - with scripting languages support

Latest version: 2:8.2.3995-1ubuntu2.16
Release: jammy (22.04)
Level: security
Repository: universe
Head package: vim
Homepage: https://www.vim.org/


Other versions of "vim-nox" in Jammy

Repository  Area      Version
base        universe  2:8.2.3995-1ubuntu2
updates     universe  2:8.2.3995-1ubuntu2.16

Changelog

Version: 2:8.2.3995-1ubuntu2.16 2024-03-18 18:06:57 UTC

  vim (2:8.2.3995-1ubuntu2.16) jammy-security; urgency=medium

  * SECURITY UPDATE: stack based buffer overflow
    - debian/patches/CVE-2024-22667.patch: passes error buffer length down
      through option callback functions.
    - debian/patches/remove-flaky-matchfuzzy-test.patch: removing flaky test
      initially introduced in d/p/CVE-2023-2426.patch due to long run time
      causing the test and builds to fail.
    - CVE-2024-22667

 -- Ian Constantin <email address hidden> Thu, 14 Mar 2024 11:05:11 +0200

CVE-2024-22667 Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down
CVE-2023-2426 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

Version: 2:8.2.3995-1ubuntu2.15 2023-12-14 17:07:04 UTC

  vim (2:8.2.3995-1ubuntu2.15) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
      in more places.
    - CVE-2022-1725
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
    - CVE-2022-1771
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2022-1886.patch: Check the length is more than zero.
    - CVE-2022-1886
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
      command.
    - CVE-2022-1897
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2000.patch: addresses the potential for an
      overflow by adding a bounds check and truncating the message if needed.
    - CVE-2022-2000
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-2042.patch: Initialize "attr". Check for empty
      line early.
    - CVE-2022-2042
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from the
      vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
      an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set win->w_closing
      variable.
    - CVE-2023-48231
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command is
      larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
      command, it may overflow for large counts given. So verify, that we can
      safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48706.patch: ensure that the sub var always using
      allocated memory.
    - CVE-2023-48706

 -- Fabian Toepfer <email address hidden> Tue, 05 Dec 2023 18:58:57 +0100

CVE-2022-1725 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1771 Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
CVE-2022-1886 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2023-46246 Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `sr
CVE-2023-48231 Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond cras
CVE-2023-48233 Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with
CVE-2023-48234 Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is
CVE-2023-48235 Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens
CVE-2023-48236 Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is
CVE-2023-48237 Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it ma
CVE-2023-48706 Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time

Version: 2:8.2.3995-1ubuntu2.13 2023-10-25 19:14:23 UTC

  vim (2:8.2.3995-1ubuntu2.13) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
      reset_VIsual() in do_ecmd.
    - CVE-2023-4733
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
      f_fullcommand.
    - CVE-2023-4734
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
      overflow in do_addsub.
    - CVE-2023-4735
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
      accessing it.
    - CVE-2023-4750
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
      to avoid illegal memory access.
    - CVE-2023-4751
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
      in ins_compl_get_exp.
    - CVE-2023-4752
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
      textlock is active in vim_regsub_both.
    - CVE-2023-4781
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
      trunc_string.
    - CVE-2023-5344
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
      in gui_do_scroll.
    - CVE-2023-5441
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-5535.patch: block autocommands in
      buf_contents_changed.
    - CVE-2023-5535

 -- Fabian Toepfer <email address hidden> Mon, 16 Oct 2023 20:15:38 +0200

CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-4734 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
CVE-2023-4735 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2023-4751 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
CVE-2023-4752 Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVE-2023-4781 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
CVE-2023-5344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2023-5441 NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
CVE-2023-5535 Use After Free in GitHub repository vim/vim prior to v9.0.2010.

Version: 2:8.2.3995-1ubuntu2.12 2023-10-10 16:07:31 UTC

  vim (2:8.2.3995-1ubuntu2.12) jammy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
    - debian/patches/CVE-2022-3491.patch: Do not return an invalid pointer.
      Fix skipping redirection
    - debian/patches/CVE-2022-3520.patch: Check that the column does not
      become negative.
    - CVE-2022-3234
    - CVE-2022-3491
    - CVE-2022-3520
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-3235.patch: Make sure pointer to b_p_iminsert
      is still valid.
    - debian/patches/CVE-2022-3256.patch: Copy the mark before editing
      another buffer
    - debian/patches/CVE-2022-3297.patch: Make a copy of the option. Make
      sure cursor position is valid
    - debian/patches/CVE-2022-3352.patch: Disallow deleting the current
      buffer to avoid using freed memory
    - debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
      buffer
    - debian/patches/CVE-2022-3705.patch: Set the quickfix-busy flag while
      filling the buffer
    - debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
      exists.
    - CVE-2022-3235
    - CVE-2022-3256
    - CVE-2022-3297
    - CVE-2022-3352
    - CVE-2022-3591
    - CVE-2022-3705
    - CVE-2022-4292
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-3278.patch: Don't get a next line when
      skipping over NL
    - CVE-2022-3278
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2022-3324.patch: Make sure the window width does
      not become negative
    - CVE-2022-3324
  * SECURITY UPDATE: incorrect floating point comparison
    - debian/patches/CVE-2022-4293.patch: fix floating point comparison
    - CVE-2022-4293
  * debian/patches/fix_flaky_tests.patch: fix some flaky tests

 -- Nishit Majithia <email address hidden> Fri, 06 Oct 2023 13:19:43 +0530

CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3491 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
CVE-2022-3520 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-3256 Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVE-2022-3297 Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-3591 Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-3705 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the
CVE-2022-4292 Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-3278 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVE-2022-4293 Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.

Version: 2:8.2.3995-1ubuntu2.11 2023-08-21 14:07:42 UTC

  vim (2:8.2.3995-1ubuntu2.11) jammy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2522.patch: Terminate string with NUL
    - debian/patches/CVE-2022-2580.patch: Properly skip over <Key> form
    - debian/patches/CVE-2022-2819.patch: Don't read past the end of the
      line
    - CVE-2022-2522
    - CVE-2022-2580
    - CVE-2022-2819
  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2598.patch: Make sure the line number does
      not go below one.
    - CVE-2022-2598
  * SECURITY UPDATE: out-of-bounds read issue
    - debian/patches/CVE-2022-2816.patch: Don't read past the end of the
      line
    - CVE-2022-2816
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-2817.patch: Make a copy of the error
    - debian/patches/CVE-2022-2862.patch: Mess up the variable name so that
      it won't be found
    - debian/patches/CVE-2022-2889.patch: Free eval_tofree later
    - debian/patches/CVE-2022-2982.patch: Do not allow for recursion
    - debian/patches/CVE-2022-3016.patch: Return QF_ABORT and handle it.
    - debian/patches/CVE-2022-3037.patch: Do not handle errors if there
      aren't any
    - debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
      non-existing line
    - debian/patches/CVE-2022-3134.patch: Bail out when the window was
      closed
    - CVE-2022-2817
    - CVE-2022-2862
    - CVE-2022-2889
    - CVE-2022-2982
    - CVE-2022-3016
    - CVE-2022-3037
    - CVE-2022-3099
    - CVE-2022-3134
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2874.patch: Check for skipping
    - debian/patches/CVE-2022-3153.patch: Check for NULL string
    - CVE-2022-2874
    - CVE-2022-3153

 -- Nishit Majithia <email address hidden> Fri, 18 Aug 2023 09:42:26 +0530

CVE-2022-2522 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2580 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVE-2022-2819 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
CVE-2022-2816 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-2817 Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2862 Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2022-2889 Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVE-2022-2982 Use After Free in GitHub repository vim/vim prior to 9.0.0260.
CVE-2022-3016 Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVE-2022-3037 Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVE-2022-3099 Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVE-2022-3134 Use After Free in GitHub repository vim/vim prior to 9.0.0389.
CVE-2022-2874 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
CVE-2022-3153 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
