Package "vim"
| Name: | vim |
| Description: | Vi IMproved - enhanced vi editor |
| Latest version: | 2:9.1.0016-1ubuntu7.10 |
| Release: | noble (24.04) |
| Level: | updates |
| Repository: | main |
| Homepage: | https://www.vim.org/ |
Changelog
vim (2:9.1.0016-1ubuntu7.10) noble-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN
      bytes to prevent writing out of bounds.
    - debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4
      for ga_grow() to ensure sufficient space. Add a boundary check to the
      character loop to prevent index out-of-bounds access.
    - debian/patches/CVE-2026-28422.patch: Update the size check to account
      for the byte length of the fill character (using MB_CHAR2LEN).
    - debian/patches/CVE-2026-25749.patch: Limit strncpy to the length
      of the buffer (MAXPATHL)
    - CVE-2026-26269
    - CVE-2026-28420
    - CVE-2026-28422
    - CVE-2026-25749
  * SECURITY UPDATE: Command Injection
    - debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123
      hostname and IP validation. Use shellescape() for the provided
      hostname and port.
    - CVE-2026-28417
  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2026-28418.patch: Check for end of buffer
      and return early.
    - CVE-2026-28418
  * SECURITY UPDATE: Buffer Underflow
    - debian/patches/CVE-2026-28419.patch: Add a check to ensure the
      delimiter (p_7f) is not at the start of the buffer (lbuf) before
      attempting to isolate the tag name.
    - CVE-2026-28419
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-28421.patch: Add bounds checks on
      pe_page_count and pe_bnum against mf_blocknr_max before descending
      into the block tree, and validate pe_old_lnum >= 1 and
      pe_line_count > 0 before calling readfile().
    - CVE-2026-28421

 -- Bruce Cable <email address hidden> Tue, 10 Mar 2026 20:13:01 +1100
| CVE-2026-26269 | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when p |
| CVE-2026-28420 | Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim |
| CVE-2026-28422 | Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a s |
| CVE-2026-25749 | Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution |
| CVE-2026-28417 | Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plug |
| CVE-2026-28418 | Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty |
| CVE-2026-28419 | Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsi |
| CVE-2026-28421 | Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim' |

vim (2:9.1.0016-1ubuntu7.9) noble-security; urgency=medium

  * SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
    archives.
    - debian/patches/CVE-2025-53905.patch: remove leading slashes from name,
      replace tar_secure with g:tar_secure in runtime/autoload/tar.vim.
    - debian/patches/CVE-2025-53906.patch: Add need_rename, replace w! with w,
      call warning for path traversal attack, and escape leading "../" in
      runtime/autoload/zip.vim.
    - CVE-2025-53905
    - CVE-2025-53906

 -- Hlib Korzhynskyy <email address hidden> Fri, 05 Sep 2025 17:14:46 -0230
| CVE-2025-53905 | Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of a |
| CVE-2025-53906 | Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of a |

vim (2:9.1.0016-1ubuntu7.8) noble-security; urgency=medium

  * SECURITY UPDATE: Crash when file is inaccessible with log option.
    - debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
      and common_init_2 in ./src/main.c
    - CVE-2025-1215
  * SECURITY UPDATE: Use after free when redirecting display command to
    register.
    - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
      vim_strchr command check in ./src/register.c.
    - CVE-2025-26603

 -- Hlib Korzhynskyy <email address hidden> Tue, 01 Apr 2025 17:42:31 -0230
| CVE-2025-1215 | A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipu |
| CVE-2025-26603 | Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, v |

vim (2:9.1.0016-1ubuntu7.7) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
      in files src/gui.c, src/testdir/crash/ex_redraw_crash,
      src/testdir/test_crash.vim.
    - CVE-2025-24014

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 03 Feb 2025 08:25:28 -0300
| CVE-2025-24014 | Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically does |

vim (2:9.1.0016-1ubuntu7.6) noble-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
    - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
      src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
    - CVE-2025-22134

 -- Hlib Korzhynskyy <email address hidden> Thu, 16 Jan 2025 16:43:18 -0330
| CVE-2025-22134 | When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does no |