[SECURITY] [DLA 3588-1] vim security update

2023-09-2913:52:33

lists.debian.org

heap-buffer-overflow

text editor

heap use after free

debian 10 buster

security update

vim

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Debian LTS Advisory DLA-3588-1 [email protected]
https://www.debian.org/lts/security/ Bastien RoucariÃ¨s
September 29, 2023 https://wiki.debian.org/LTS

Package : vim
Version : 2:8.1.0875-5+deb10u6
CVE ID : CVE-2023-4752 CVE-2023-4781

Multiple vulnerabilities were found in vim a text editor.

CVE-2023-4752

A heap use after free was found in ins_compl_get_exp()

CVE-2023-4781

A heap-buffer-overflow was found in vim_regsub_both()

For Debian 10 buster, these problems have been fixed in version
2:8.1.0875-5+deb10u6.

We recommend that you upgrade your vim packages.

For the detailed security status of vim please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vim

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10amd64vim-gtk-dbgsym< 2:8.1.0875-5+deb10u6vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_amd64.deb
Debian10arm64vim-gtk-dbgsym< 2:8.1.0875-5+deb10u6vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_arm64.deb
Debian10allvim-gui-common< 2:8.1.0875-5+deb10u6vim-gui-common_2:8.1.0875-5+deb10u6_all.deb
Debian10armhfvim-nox< 2:8.1.0875-5+deb10u6vim-nox_2:8.1.0875-5+deb10u6_armhf.deb
Debian10armhfvim-gtk-dbgsym< 2:8.1.0875-5+deb10u6vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_armhf.deb
Debian10i386vim-gtk< 2:8.1.0875-5+deb10u6vim-gtk_2:8.1.0875-5+deb10u6_i386.deb
Debian10arm64vim-nox< 2:8.1.0875-5+deb10u6vim-nox_2:8.1.0875-5+deb10u6_arm64.deb
Debian10arm64vim-gtk3-dbgsym< 2:8.1.0875-5+deb10u6vim-gtk3-dbgsym_2:8.1.0875-5+deb10u6_arm64.deb
Debian10i386vim< 2:8.1.0875-5+deb10u6vim_2:8.1.0875-5+deb10u6_i386.deb
Debian10amd64vim-gtk3< 2:8.1.0875-5+deb10u6vim-gtk3_2:8.1.0875-5+deb10u6_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	vim-gtk-dbgsym	< 2:8.1.0875-5+deb10u6	vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_amd64.deb
Debian	10	arm64	vim-gtk-dbgsym	< 2:8.1.0875-5+deb10u6	vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_arm64.deb
Debian	10	all	vim-gui-common	< 2:8.1.0875-5+deb10u6	vim-gui-common_2:8.1.0875-5+deb10u6_all.deb
Debian	10	armhf	vim-nox	< 2:8.1.0875-5+deb10u6	vim-nox_2:8.1.0875-5+deb10u6_armhf.deb
Debian	10	armhf	vim-gtk-dbgsym	< 2:8.1.0875-5+deb10u6	vim-gtk-dbgsym_2:8.1.0875-5+deb10u6_armhf.deb
Debian	10	i386	vim-gtk	< 2:8.1.0875-5+deb10u6	vim-gtk_2:8.1.0875-5+deb10u6_i386.deb
Debian	10	arm64	vim-nox	< 2:8.1.0875-5+deb10u6	vim-nox_2:8.1.0875-5+deb10u6_arm64.deb
Debian	10	arm64	vim-gtk3-dbgsym	< 2:8.1.0875-5+deb10u6	vim-gtk3-dbgsym_2:8.1.0875-5+deb10u6_arm64.deb
Debian	10	i386	vim	< 2:8.1.0875-5+deb10u6	vim_2:8.1.0875-5+deb10u6_i386.deb
Debian	10	amd64	vim-gtk3	< 2:8.1.0875-5+deb10u6	vim-gtk3_2:8.1.0875-5+deb10u6_amd64.deb