USN-6420-1: Vim vulnerabilities

Read Time:1 Minute, 58 Second

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278,
CVE-2022-3297, CVE-2022-3491)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-3352, CVE-2022-4292)

It was discovered that Vim incorrectly handled memory when replacing in
virtualedit mode. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234)

It was discovered that Vim incorrectly handled memory when autocmd changes
mark. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-3256)

It was discovered that Vim did not properly perform checks on array index
with negative width window. An attacker could possibly use this issue to
cause a denial of service, or execute arbitrary code. (CVE-2022-3324)

It was discovered that Vim did not properly perform checks on a put command
column with a visual block. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-3520)

It was discovered that Vim incorrectly handled memory when using autocommand
to open a window. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-3591)

It was discovered that Vim incorrectly handled memory when updating buffer
of the component autocmd handler. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-3705)

It was discovered that Vim incorrectly handled floating point comparison
with incorrect operator. An attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu
22.04 LTS. (CVE-2022-4293)

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

ZDI-CAN-25373: Microsoft

DSA-5774-1 ruby-saml – security update

USN-6968-2: PostgreSQL vulnerability

USN-7015-2: Python vulnerabilities

USN-7027-1: Emacs vulnerabilities

USN-7024-1: tgt vulnerability