==========================================================================
Ubuntu Security Notice USN-4309-1
March 23, 2020

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Vim.

Software Description:
– vim: Vi IMproved – enhanced vi editor

Details:

It was discovered that Vim incorrectly handled certain sources.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and
Ubuntu 16.04 LTS (CVE-2017-1110)

It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2017-5953)

It was discovered that Vim incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786)

It was discovered that Vim incorrectly handled certain inputs. An attacker
could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 19.10. (CVE-2019-20079)

It was discovered that Vim incorrectly handled certain files. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2017-6349, CVE-2017-6350)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
vim 2:8.1.0875-5ubuntu2.1
vim-common 2:8.1.0875-5ubuntu2.1
vim-gui-common 2:8.1.0875-5ubuntu2.1
vim-runtime 2:8.1.0875-5ubuntu2.1

Ubuntu 18.04 LTS:
vim 2:8.0.1453-1ubuntu1.3
vim-common 2:8.0.1453-1ubuntu1.3
vim-gui-common 2:8.0.1453-1ubuntu1.3
vim-runtime 2:8.0.1453-1ubuntu1.3

Ubuntu 16.04 LTS:
vim 2:7.4.1689-3ubuntu1.4
vim-common 2:7.4.1689-3ubuntu1.4
vim-gui-common 2:7.4.1689-3ubuntu1.4
vim-runtime 2:7.4.1689-3ubuntu1.4

Ubuntu 14.04 ESM:
vim 2:7.4.052-1ubuntu3.1+esm1
vim-common 2:7.4.052-1ubuntu3.1+esm1
vim-gui-common 2:7.4.052-1ubuntu3.1+esm1
vim-runtime 2:7.4.052-1ubuntu3.1+esm1

Ubuntu 12.04 ESM:
vim 2:7.3.429-2ubuntu2.3
vim-common 2:7.3.429-2ubuntu2.3
vim-gui-common 2:7.3.429-2ubuntu2.3
vim-runtime 2:7.3.429-2ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4309-1
CVE-2017-11109, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350,
CVE-2018-20786, CVE-2019-20079

Package Information:
https://launchpad.net/ubuntu/+source/vim/2:8.1.0875-5ubuntu2.1
https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.3
https://launchpad.net/ubuntu/+source/vim/2:7.4.1689-3ubuntu1.4
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl543VEACgkQRbznW4QL
H2kadw/9GsqmEvBT8o5STYwkH3Yjk0deFrZrmUfGssjxTSKxwSMnoOjiNbp1sIKQ
QxHjyjZGWnJWdJG15DVEWsNSvn93l+Nf+s3jPJrFtRY4JtlT0bQzcNYncLJJMvHu
+fCC8TPFF2Q864SwoEO4cIo6ENyXufHD/YUhLi6NZm1TTeZN3J97OBhqtgmpVijy
JAVWkGcUevna6dUbd8myND4vY5yr9yQm8cwWZafssvGZpACvOas5Hc8nq4/OsRdN
xR6VC5vTsVnFgMeiEH7YoBaN+50znZOi/XCfcncm6L+F04wN65Xx38Xu9WtW0/OF
H5kPhsexOYrMWIdOXShUwVe4VxJWw/UQwPuXmnTY1KD5/M2xwvqtktfyFA/F3t/2
yiyR0JbGkEufpUiV8nigjSshVQJm8zxzE2OvEtWWFxLnEFlWTXBXUSAmMHYjnmUt
ybMPM08buI8eXiBxfft6hygKJ88u3qmB574s6BSTSgsEke85gIquMWwcaRVv258V
mXA9ViDQq9Tkz6XMfTxLlubfhYHvg2b9xVT87zL5rTgr4rjKy8Etzx46r6yu4izH
6DDA5oecyL3JanUVjOKgo2mbZc09xVgduEg6yhnIHPQaOI91Mtbl0+SEwriUe3cU
KrbMkQmK5vaAwmDuPsmd/pTprxYm0J5CTuZq4isaut8ln8uP+Vg=
=KQxF
—–END PGP SIGNATURE—–
—