Release Info

Advisory: CLSA-2021:1639681852

OS: Ubuntu 16.04 ELS

Public date: 2021-12-16 00:00:00

Project: vim

Version: 2:7.4.1689-3ubuntu1.7

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1639681852.html

Changelog

* SECURITY UPDATE: illegal memory access if buffer name is very long
  - debian/patches/CVE-2021-3872.patch: make sure not to go over the end of the buffer in screen.c
  - CVE-2021-3872
* SECURITY UPDATE: ml_get error after search with range
  - debian/patches/CVE-2021-3875.patch: limit the line number to the buffer line count in ex_docmd.c
  - CVE-2021-3875
* SECURITY UPDATE: invalid memory access when scrolling without a valid screen
  - debian/patches/CVE-2021-3903.patch: do not set VALID_BOTLINE in w_valid in move.c
  - CVE-2021-3903

Update

Packages list

vim_7.4.1689-3ubuntu1.7_amd64.deb
vim-athena_7.4.1689-3ubuntu1.7_amd64.deb
vim-athena-py2_7.4.1689-3ubuntu1.7_amd64.deb
vim-common_7.4.1689-3ubuntu1.7_amd64.deb
vim-doc_7.4.1689-3ubuntu1.7_all.deb
vim-gnome_7.4.1689-3ubuntu1.7_amd64.deb
vim-gnome-py2_7.4.1689-3ubuntu1.7_amd64.deb
vim-gtk_7.4.1689-3ubuntu1.7_amd64.deb
vim-gtk-py2_7.4.1689-3ubuntu1.7_amd64.deb
vim-gtk3_7.4.1689-3ubuntu1.7_amd64.deb
vim-gtk3-py2_7.4.1689-3ubuntu1.7_amd64.deb
vim-gui-common_7.4.1689-3ubuntu1.7_all.deb
vim-nox_7.4.1689-3ubuntu1.7_amd64.deb
vim-nox-py2_7.4.1689-3ubuntu1.7_amd64.deb
vim-runtime_7.4.1689-3ubuntu1.7_all.deb
vim-tiny_7.4.1689-3ubuntu1.7_amd64.deb

CVEs

CVE-2021-3875
CVE-2021-3903
CVE-2021-3872