Alerts This Week
Warning Icon 1 562
Alerts This Week
Warning Icon 1 562

Fedora 35: 2022-da2fb07efb Critical: Vim Buffer Overflow Risks

fedora
Calendar Grey February 10, 2022
Dist Fedora Esm H88
Ubuntu 21.10 rolls out Nano enhancement addressing severe vulnerabilities such as input validation flaws and race conditions. Update today!
Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417,

CVE-2022-0443

* Mon Feb 7 2022 Zdenek Dohnal - 2:8.2.4314-1

- patchlevel 4314

[ 1 ] Bug #2048515 - CVE-2022-0408 vim: Stack-based Buffer Overflow in spellsuggest.c

https://bugzilla.redhat.com/show_bug.cgi?id=2048515

[ 2 ] Bug #2048519 - CVE-2022-0413 vim: use after free in src/ex_cmds.c

https://bugzilla.redhat.com/show_bug.cgi?id=2048519

[ 3 ] Bug #2049180 - CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c

https://bugzilla.redhat.com/show_bug.cgi?id=2049180

[ 4 ] Bug #2050149 - CVE-2022-0417 vim: heap-based-buffer-overflow in ex_retab() of src/indent.c

https://bugzilla.redhat.com/show_bug.cgi?id=2050149

[ 5 ] Bug #2050182 - CVE-2022-0443 vim: heap-use-after-free in enter_buffer() of src/buffer.c

https://bugzilla.redhat.com/show_bug.cgi?id=2050182

su -c 'dnf upgrade --advisory FEDORA-2022-da2fb07efb' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical issue buffer overflow Fedora Vim

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 8.2.4314
Release: 1.fc35
URL: https://www.vim.org/
Summary: The VIM editor

Topics%20covered

Topics Covered

security advisory critical issue buffer overflow Fedora Vim

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here