Advisories » MGASA-2022-0203

Updated vim packages fix security vulnerability

Publication date: 25 May 2022
Modification date: 25 May 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-0213 , CVE-2022-0261 , CVE-2022-0128 , CVE-2022-0318 , CVE-2022-0351 , CVE-2022-0359 , CVE-2022-0408 , CVE-2022-0413 , CVE-2022-0393 , CVE-2022-0417 , CVE-2022-0443 , CVE-2022-0572 , CVE-2022-0629 , CVE-2022-0696 , CVE-2022-0714 , CVE-2022-0729 , CVE-2022-0685 , CVE-2022-0554 , CVE-2022-0943 , CVE-2022-1160 , CVE-2022-1154 , CVE-2022-1381 , CVE-2022-1420 , CVE-2022-1616 , CVE-2022-1619 , CVE-2022-1620 , CVE-2022-1621 , CVE-2022-1629 , CVE-2022-1674 , CVE-2022-1769 , CVE-2022-1733

Description

vim is vulnerable to out of bounds read (CVE-2022-0213)
Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261)
a heap-based OOB read of size 1 (CVE-2022-0128)
heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
access of memory location before start of buffer (CVE-2022-0351)
heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)
Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408)
use after free in src/ex_cmds.c (CVE-2022-0413)
out-of-bounds read in delete_buff_tail() in getchar.c (CVE-2022-0393)
heap-based-buffer-overflow in ex_retab() of src/indent.c (CVE-2022-0417)
heap-use-after-free in enter_buffer() of src/buffer.c (CVE-2022-0443)
heap overflow in ex_retab() may lead to crash (CVE-2022-0572)
Stack-based Buffer Overflow in vim prior to 8.2. (CVE-2022-0629)
NULL Pointer Dereference in vim prior to 8.2 (CVE-2022-0696)
buffer overflow (CVE-2022-0714)
Use of Out-of-range Pointer Offset (CVE-2022-0729)
Use of Out-of-range Pointer Offset in vim (CVE-2022-0685)
Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
heap buffer overflow in get_one_sourceline (CVE-2022-1160)
use after free in utf_ptr2char (CVE-2022-1154)
global heap buffer overflow in skip_range (CVE-2022-1381)
Out-of-range Pointer Offset (CVE-2022-1420)
heap-buffer-overflow in append_command of src/ex_docmd.c (CVE-2022-1616)
heap-buffer-overflow in cmdline_erase_chars of ex_getln.c (CVE-2022-1619)
NULL Pointer Dereference in vim_regexec_string() of regexp.c (CVE-2022-1620)
heap buffer overflow (CVE-2022-1621)
buffer over-read (CVE-2022-1629)
NULL pointer dereference in vim_regexec_string() of regexp.c (CVE-2022-1674)
a buffer over-read found in scriptfile.c (CVE-2022-1769)
Heap-based Buffer Overflow in cindent.c (CVE-2022-1733)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29972
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7JBXG3MU6EZWJGJD6UTHHONHGJBYPQQT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UCWG5L6CRQWACGVP7CYGESUB3G6QJ3GS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDNZ3N5S7UGKPUUKPGOQQGPJJK3YTW37/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/
• https://www.debian.org/lts/security/2022/dla-3011
• https://bugzilla.redhat.com/show_bug.cgi?id=2083924
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0261
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0318
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0351
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0408
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0413
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0393
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0417
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0443
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0572
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0629
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0729
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0685
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0554
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0943
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1160
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1381
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1420
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1674
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1769
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733

SRPMS

8/core

• vim-8.2.4975-1.mga8