Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Fedora 35 FEDORA-2022-fff548cfab Critical: Vim Buffer Overflow Issues

fedora
Calendar Grey October 17, 2022
Dist Fedora Esm H88
The latest Fedora update for Vim brings crucial security upgrades to fix severe bugs and vulnerabilities, affirming Fedora's dedication to robust software security and user safety
The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324,

CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297,

CVE-2022-3278.

* Tue Oct 11 2022 Zdenek Dohnal - 2:9.0.720-1

- patchlevel 720

* Wed Sep 28 2022 Carl George - 2:9.0.475-2

- Obsolete vim-toml since the runtime files are now part of vim-common

[ 1 ] Bug #2129370 - CVE-2022-3234 vim: Heap-based Buffer Overflow

https://bugzilla.redhat.com/show_bug.cgi?id=2129370

[ 2 ] Bug #2129371 - CVE-2022-3235 vim: Use After Free

https://bugzilla.redhat.com/show_bug.cgi?id=2129371

[ 3 ] Bug #2129831 - CVE-2022-3278 vim: null pointer dereference in eval_next_non_blank() in eval.c

https://bugzilla.redhat.com/show_bug.cgi?id=2129831

[ 4 ] Bug #2129835 - CVE-2022-3296 vim: stack buffer overflow in ex_finally() in ex_eval.c

https://bugzilla.redhat.com/show_bug.cgi?id=2129835

[ 5 ] Bug #2129838 - CVE-2022-3297 vim: use-after-free in process_next_cpt_value() at insexpand.c

https://bugzilla.redhat.com/show_bug.cgi?id=2129838

[ 6 ] Bug #2131087 - CVE-2022-3352 vim: use after free

https://bugzilla.redhat.com/show_bug.cgi?id=2131087

[ 7 ] Bug #2132558 - CVE-2022-3324 vim: stack buffer overflow in win_redr_ruler() at drawscreen.c

https://bugzilla.redhat.com/show_bug.cgi?id=2132558

[ 8 ] Bug #2132571 - CVE-2022-3256 vim: use-after-free in movemark() at mark.c

https://bugzilla.redhat.com/show_bug.cgi?id=2132571

su -c 'dnf upgrade --advisory FEDORA-2022-fff548cfab' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical vim use after free

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 9.0.720
Release: 1.fc35
URL: https://www.vim.org/
Summary: The VIM editor

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical vim use after free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here