Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5613.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5613-2)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-5613-2 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-5613-2 advisory. Vulnerability Insight: USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. We apologize for the inconvenience. Original advisory details: It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154) It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420) It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616) It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619) It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620) It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621) Affected Software/OS: 'vim' package(s) on Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0943 https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/ http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://security.gentoo.org/glsa/202208-32 https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2022-1154 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/ https://security.gentoo.org/glsa/202305-16 https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-1420 https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/ https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca Common Vulnerability Exposure (CVE) ID: CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/ https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c Common Vulnerability Exposure (CVE) ID: CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html Common Vulnerability Exposure (CVE) ID: CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51 https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f Common Vulnerability Exposure (CVE) ID: CVE-2022-1621 https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.