UbuntuUpdates.org

Package "vim"

Name: vim

Description:

Vi IMproved - enhanced vi editor
Latest version: 2:9.0.1672-1ubuntu2.3
Release: mantic (23.10)
Level: updates
Repository: main
Homepage: https://www.vim.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "vim"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "vim" in Mantic

Repository Area Version
base universe 2:9.0.1672-1ubuntu2
base main 2:9.0.1672-1ubuntu2
security main 2:9.0.1672-1ubuntu2.3
security universe 2:9.0.1672-1ubuntu2.3
updates universe 2:9.0.1672-1ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:9.0.1672-1ubuntu2.3 2024-03-18 21:07:01 UTC

  vim (2:9.0.1672-1ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE: stack based buffer overflow
    - debian/patches/CVE-2024-22667.patch: passes error buffer length down
      through option callback functions.
    - CVE-2024-22667

 -- Ian Constantin <email address hidden> Thu, 14 Mar 2024 15:39:48 +0200
Source diff to previous version
CVE-2024-22667 Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down

Version: 2:9.0.1672-1ubuntu2.2 2023-12-14 18:07:06 UTC

  vim (2:9.0.1672-1ubuntu2.2) mantic-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from the
      vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
      an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set win->w_closing
      variable.
    - CVE-2023-48231
  * SECURITY UPDATE: division by zero
    - debian/patches/CVE-2023-48232-*.patch: Prevent a floating point exception
      when calculating w_skipcol (which can happen with a small window when the
      number option is set and cpo+=n).
    - CVE-2023-48232
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command is
      larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
      command, it may overflow for large counts given. So verify, that we can
      safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48706.patch: ensure that the sub var always using
      allocated memory.
    - CVE-2023-48706

 -- Fabian Toepfer <email address hidden> Mon, 04 Dec 2023 13:42:16 +0100
Source diff to previous version
CVE-2023-46246 Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `sr
CVE-2023-48231 Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond cras
CVE-2023-48232 Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth s
CVE-2023-48233 Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with
CVE-2023-48234 Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is
CVE-2023-48235 Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens
CVE-2023-48236 Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is
CVE-2023-48237 Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it ma
CVE-2023-48706 Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time

Version: 2:9.0.1672-1ubuntu2.1 2023-10-25 20:13:06 UTC

  vim (2:9.0.1672-1ubuntu2.1) mantic-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
      reset_VIsual() in do_ecmd.
    - CVE-2023-4733
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
      f_fullcommand.
    - CVE-2023-4734
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
      overflow in do_addsub.
    - CVE-2023-4735
  * SECURITY UPDATE: buffer overflow vulnerability
    - debian/patches/CVE-2023-4738.patch: Check remaining space in
      vim_regsub_both.
    - CVE-2023-4738
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
      accessing it.
    - CVE-2023-4750
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
      in ins_compl_get_exp.
    - CVE-2023-4752
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
      textlock is active in vim_regsub_both.
    - CVE-2023-4781
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
      trunc_string.
    - CVE-2023-5344
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
      in gui_do_scroll.
    - CVE-2023-5441
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-5535.patch: block autocommands in
      buf_contents_changed.
    - CVE-2023-5535

 -- Fabian Toepfer <email address hidden> Mon, 16 Oct 2023 20:21:01 +0200
CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-4734 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
CVE-2023-4735 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
CVE-2023-4738 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2023-4752 Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVE-2023-4781 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
CVE-2023-5344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2023-5441 NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
CVE-2023-5535 Use After Free in GitHub repository vim/vim prior to v9.0.2010.


About   -   Send Feedback to @ubuntu_updates