[USN-7419-1] Vim vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmf0CcIFAwAAAAAACgkQyfW2m9Ldu6sZ
rQ//fDGru6NcgO3z6zUB4B2zF8Wg0oiuacio3a3244MjnVgl/xrodwW1+xWZktf7YemdFz+iRiu5
IBRv6zDE+Z7AnqtfCYIVkhditAlUZ38T1NBCqcFwEIdb0ALEjhPEnZAXc5itdfuRBkgoOf4LRyOe
GXiaQ5fHqMGIbCbkNa6y7iA993ggB1PqzZQ9IN9tFHWsmUS9/wa1C0HemwH+LosGOxY7Wm9Zkb8C
A5CNTjetsbxxwcQi3lKRdR2f5jf8cUykvjDbeWAJCTXbYmOC+4ctMmRjI3DBYYzFf+7RFzQUkkJZ
nyj/vd7+/+SDApQvhGL22Fm1KkVK8ys65sYuTyJN2Ls703VvbZR3s0VCylIfT1nuPRWiOUyluaYC
DM+GGwD972bAK7kuyFHzeqYuG3pln0T0xm+2eRtOEvJJ3fFh1GcPS2BAATP+D/AEEjcWT/TXhbpK
pA/vb0Pi40DYQRLEhhtgGKGGMoAUPkeh77NpQlFuFBqHSd3UUa3yXHRiWa5pb6/LKgNgIP7VHdvq
AIjKY3uObPJIQJAb0Sep6s4DL1BZmqhESVEylwjuloMahkL956/moUY+1DwMoz5fs8p3VbKGnevU
8kKRHRVqK2ScmlnM7s1yk5V4WchmYwuzwX/ZLrL8Toac8OgMLQjrTdXtlbcYSVOFnkP43wXjqLeO
NuM=
=IDBm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7419-1
April 07, 2025

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Vim could be made to crash if it received specially crafted input.

Software Description:
- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled memory when using invalid
input with the log option. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-1215)

It was discovered that Vim incorrectly handled memory when redirecting
certain output to the register. An attacker could possibly use this issue
to cause a denial of service. (CVE-2025-26603)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  vim                             2:9.1.0496-1ubuntu6.5

Ubuntu 24.04 LTS
  vim                             2:9.1.0016-1ubuntu7.8

Ubuntu 22.04 LTS
  vim                             2:8.2.3995-1ubuntu2.24

Ubuntu 20.04 LTS
  vim                             2:8.1.2269-1ubuntu5.32

Ubuntu 18.04 LTS
  vim                             2:8.0.1453-1ubuntu1.13+esm12
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  vim                             2:7.4.1689-3ubuntu1.5+esm27
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  vim                             2:7.4.052-1ubuntu3.1+esm21
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7419-1
  CVE-2025-1215, CVE-2025-26603

Package Information:
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0496-1ubuntu6.5
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.8
  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.24
  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.32