Advisories » MGASA-2022-0430

Updated vim packages fix security vulnerability

Publication date: 18 Nov 2022
Modification date: 18 Nov 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2125, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705

Description

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
(CVE-2022-2000, CVE-2022-2129, CVE-2022-2210)

Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2.
(CVE-2022-2124, CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
(CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
(CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
(CVE-2022-2208)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
(CVE-2022-2231)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
(CVE-2022-2257, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
(CVE-2022-2264, CVE-2022-2284)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
(CVE-2022-2285)

Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
(CVE-2022-2304)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
(CVE-2022-2343)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
(CVE-2022-2344)

Use After Free in GitHub repository vim/vim prior to 9.0.0046.
(CVE-2022-2345)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
(CVE-2022-2522)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
(CVE-2022-2571)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
(CVE-2022-2580)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
(CVE-2022-2581)

Undefined Behavior for Input to API in GitHub repository vim/vim prior to
9.0.0100. (CVE-2022-2598)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
(CVE-2022-2816)

Use After Free in GitHub repository vim/vim prior to 9.0.0213.
(CVE-2022-2817)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
(CVE-2022-2819)

Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.
(CVE-2022-2845)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
(CVE-2022-2849)

Use After Free in GitHub repository vim/vim prior to 9.0.0221.
(CVE-2022-2862)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
(CVE-2022-2874)

Use After Free in GitHub repository vim/vim prior to 9.0.0225.
(CVE-2022-2889)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
(CVE-2022-2923)

Use After Free in GitHub repository vim/vim prior to 9.0.0246.
(CVE-2022-2946)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
(CVE-2022-2980)

Use After Free in GitHub repository vim/vim prior to 9.0.0260.
(CVE-2022-2982)

Use After Free in GitHub repository vim/vim prior to 9.0.0286.
(CVE-2022-3016)

Use After Free in GitHub repository vim/vim prior to 9.0.0322.
(CVE-2022-3037)

Use After Free in GitHub repository vim/vim prior to 9.0.0360.
(CVE-2022-3099)

Use After Free in GitHub repository vim/vim prior to 9.0.0389.
(CVE-2022-3134)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
(CVE-2022-3234)

Use After Free in GitHub repository vim/vim prior to 9.0.0490.
(CVE-2022-3235)

Use After Free in GitHub repository vim/vim prior to 9.0.0530.
(CVE-2022-3256)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
(CVE-2022-3278)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to
9.0.0577. (CVE-2022-3296)

Use After Free in GitHub repository vim/vim prior to 9.0.0579.
(CVE-2022-3297)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to
9.0.0598. (CVE-2022-3324)

Use After Free in GitHub repository vim/vim prior to 9.0.0614.
(CVE-2022-3352)

The function qf_update_buffer in the file quickfix.c of the autocmd handler
component is affected. The manipulation leads to a use after free. The
attack may be launched remotely. (CVE-2022-3705)

References

SRPMS

8/core