Release Info

Advisory: CLSA-2024:1705077885

OS: Ubuntu 16.04 ELS

Public date: 2024-01-12 11:44:47

Project: vim

Version: 3:7.4.1689-3ubuntu1.5+tuxcare.els49

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1705077885.html

Changelog

* SECURITY UPDATE: use-after-free in win_close()
  - debian/patches/CVE-2023-48231.patch: check window is valid, before accessing it
  - CVE-2023-48231
* SECURITY UPDATE: overflow with count for :s command
  - debian/patches/CVE-2023-48233.patch: abort the :s command if the count is too large
  - CVE-2023-48233
* SECURITY UPDATE: overflow in nv_z_get_count
  - debian/patches/CVE-2023-48234.patch: break out, if count is too large
  - CVE-2023-48234
* SECURITY UPDATE: overflow in ex address parsing
  - debian/patches/CVE-2023-48235.patch: verify that lnum is positive, before subtracting from LONG_MAX
  - CVE-2023-48235
* SECURITY UPDATE: overflow in get_number
  - debian/patches/CVE-2023-48236.patch: return 0 when the count gets too large
  - CVE-2023-48236
* SECURITY UPDATE: overflow in shift_line
  - debian/patches/CVE-2023-48237.patch: allow a max indent of INT_MAX
  - CVE-2023-48237
* SECURITY UPDATE: overflow in :history
  - debian/patches/CVE-2023-46246.patch: check that value fits into int
  - CVE-2023-46246
* SECURITY UPDATE: recursive command line loop may cause a crash
  - debian/patches/CVE-2022-1771.patch: limit recursion of getcmdline()
  - CVE-2022-1771

Update

Update command:

apt-get update
apt-get --only-upgrade install vim*

Packages list

vim_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-common_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els49_all.deb
vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els49_all.deb
vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb
vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els49_all.deb
vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els49_amd64.deb

CVEs

CVE-2022-1771
CVE-2023-48237
CVE-2023-48236
CVE-2023-48234
CVE-2023-48235
CVE-2023-48231
CVE-2023-48233
CVE-2023-46246