
Fedora 33: FEDORA-2021-84f4cf3244 Critical Vim Buffer Overflow Threat

October 22, 2021
This Fedora 33 update brings vim to patchlevel 3512 and fixes three heap-based buffer overflows and one use-after-free: CVE-2021-3778, CVE-2021-3796, CVE-2021-3875 and CVE-2021-3872.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.

- The newest upstream commit
- Security fix for CVE-2021-3778
- Security fix for CVE-2021-3796
- Security fix for CVE-2021-3875
- Security fix for CVE-2021-3872

Change Log

* Fri Oct 15 2021 Zdenek Dohnal - 2:8.2.3512-1
- patchlevel 3512

* Thu Oct 14 2021 Zdenek Dohnal - 2:8.2.3404-2
- adjust test suite to Python 3.10

* Thu Oct 14 2021 Zdenek Dohnal - 2:8.2.3404-2
- remove filetype plugin from virc - it doesn't work with vi

* Mon Oct 11 2021 Zdenek Dohnal - 2:8.2.3404-2
- set system vimrc via compiler macros

* Thu Sep 23 2021 Zdenek Dohnal - 2:8.2.3404-2
- remove downstream patch vim-8.0-copypaste.patch - put mouse settings into defaults.vim again

References

[ 1 ] Bug #2004621 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c
https://bugzilla.redhat.com/show_bug.cgi?id=2004621

[ 2 ] Bug #2004728 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c
https://bugzilla.redhat.com/show_bug.cgi?id=2004728

[ 3 ] Bug #2014661 - CVE-2021-3875 vim: heap-based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2014661

[ 4 ] Bug #2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c
https://bugzilla.redhat.com/show_bug.cgi?id=2016056

Update Instructions

su -c 'dnf upgrade --advisory FEDORA-2021-84f4cf3244' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 33
Version: 8.2.3512
Release: 1.fc33
Summary: The VIM editor
