Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora 35: 2022-bb2daad935 Critical Heap Overflow and Out Of Bounds

fedora
Calendar Grey June 6, 2022
Dist Fedora Esm H88
Explore the updates on security patches in Fedora 35's vim that tackle various vulnerabilities presenting serious risks.
Security fixes for CVE-2022-1886, CVE-2022-1942 ---- Security fixes for CVE-2022-1851, CVE-2022-1898, CVE-2022-1897, CVE-2022-1927

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

Security fixes for CVE-2022-1886, CVE-2022-1942 ---- Security fixes for

CVE-2022-1851, CVE-2022-1898, CVE-2022-1897, CVE-2022-1927

* Fri Jun 3 2022 Zdenek Dohnal - 2:8.2.5052-1

- patchlevel 5052

* Tue May 31 2022 Zdenek Dohnal - 2:8.2.5046-1

- patchlevel 5046

[ 1 ] Bug #2091676 - CVE-2022-1851 vim: out-of-bounds read in gchar_cursor() in misc1.c

https://bugzilla.redhat.com/show_bug.cgi?id=2091676

[ 2 ] Bug #2091679 - CVE-2022-1898 vim: use-after-free in find_pattern_in_path() in search.c

https://bugzilla.redhat.com/show_bug.cgi?id=2091679

[ 3 ] Bug #2091682 - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c

https://bugzilla.redhat.com/show_bug.cgi?id=2091682

[ 4 ] Bug #2091687 - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c

https://bugzilla.redhat.com/show_bug.cgi?id=2091687

[ 5 ] Bug #2092890 - CVE-2022-1942 vim: out of bounds write in vim_regsub_both()

https://bugzilla.redhat.com/show_bug.cgi?id=2092890

[ 6 ] Bug #2092973 - CVE-2022-1886 vim: heap-based buffer overflow in function utf_head_off

https://bugzilla.redhat.com/show_bug.cgi?id=2092973

su -c 'dnf upgrade --advisory FEDORA-2022-bb2daad935' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory Fedora critical threat heap overflow bug fixes out of bounds vim editor

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 8.2.5052
Release: 1.fc35
URL: https://www.vim.org/
Summary: The VIM editor

Topics%20covered

Topics Covered

security advisory Fedora critical threat heap overflow bug fixes out of bounds vim editor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here