Severity

low

Vendor

VMware Tanzu

Versions Affected

• Canonical Ubuntu 18.04
• Cflinuxfs3

Description

Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service Update Instructions: Run `sudo pro fix USN-6698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.1689-3ubuntu1.5+esm23 vim-athena - 2:7.4.1689-3ubuntu1.5+esm23 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-common - 2:7.4.1689-3ubuntu1.5+esm23 vim-doc - 2:7.4.1689-3ubuntu1.5+esm23 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm23 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm23 vim-nox - 2:7.4.1689-3ubuntu1.5+esm23 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm23 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm23 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

• Cflinuxfs3
• 0.388.0 or greater
• Cflinuxfs4
• 1.84.0 or greater
• Jammy Stemcells
• 1.423 or greater
• Operations Manager Image
• 2.10.72 or greater
• 3.0.26+LTS-T or greater
• Tanzu Greenplum for Kubernetes
• 2.0.0 or greater
• Xenial Stemcells
• 621.924 or greater
• CF Deployment
• 30.0.0 or greater
• Operations Manager
• 2.10.72 or greater
• 3.0.26+LTS-T or greater

References

https://ubuntu.com/security/notices/USN-6698-1

https://www.cloudfoundry.org/blog/usn-6698-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6698-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24685

History

2024-03-18: Initial vulnerability report published.