Fedora 36: vim 2022-40161673a3 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-40161673a3
2022-10-14 12:57:09.362758
--------------------------------------------------------------------------------

Name        : vim
Product     : Fedora 36
Version     : 9.0.720
Release     : 1.fc36
URL         : https://www.vim.org/
Summary     : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor.  Vi was the first real screen-based editor for UNIX, and is
still very popular.  VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit  Security fixes for CVE-2022-3256, CVE-2022-3324,
CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297,
CVE-2022-3278.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2022 Zdenek Dohnal  - 2:9.0.720-1
- patchlevel 720
* Wed Sep 28 2022 Carl George  - 2:9.0.475-2
- Obsolete vim-toml since the runtime files are now part of vim-common
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2129370 - CVE-2022-3234 vim: Heap-based Buffer Overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=2129370
  [ 2 ] Bug #2129371 - CVE-2022-3235 vim: Use After Free
        https://bugzilla.redhat.com/show_bug.cgi?id=2129371
  [ 3 ] Bug #2129831 - CVE-2022-3278 vim: null pointer dereference in eval_next_non_blank() in eval.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2129831
  [ 4 ] Bug #2129835 - CVE-2022-3296 vim: stack buffer overflow in ex_finally() in ex_eval.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2129835
  [ 5 ] Bug #2129838 - CVE-2022-3297 vim: use-after-free in process_next_cpt_value() at insexpand.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2129838
  [ 6 ] Bug #2131087 - CVE-2022-3352 vim: use after free
        https://bugzilla.redhat.com/show_bug.cgi?id=2131087
  [ 7 ] Bug #2132558 - CVE-2022-3324 vim: stack buffer overflow in win_redr_ruler() at drawscreen.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2132558
  [ 8 ] Bug #2132571 - CVE-2022-3256 vim: use-after-free in movemark() at mark.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2132571
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-40161673a3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 36: vim 2022-40161673a3

October 14, 2022
The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

Update Information:

The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.

Change Log

* Tue Oct 11 2022 Zdenek Dohnal - 2:9.0.720-1 - patchlevel 720 * Wed Sep 28 2022 Carl George - 2:9.0.475-2 - Obsolete vim-toml since the runtime files are now part of vim-common

References

[ 1 ] Bug #2129370 - CVE-2022-3234 vim: Heap-based Buffer Overflow https://bugzilla.redhat.com/show_bug.cgi?id=2129370 [ 2 ] Bug #2129371 - CVE-2022-3235 vim: Use After Free https://bugzilla.redhat.com/show_bug.cgi?id=2129371 [ 3 ] Bug #2129831 - CVE-2022-3278 vim: null pointer dereference in eval_next_non_blank() in eval.c https://bugzilla.redhat.com/show_bug.cgi?id=2129831 [ 4 ] Bug #2129835 - CVE-2022-3296 vim: stack buffer overflow in ex_finally() in ex_eval.c https://bugzilla.redhat.com/show_bug.cgi?id=2129835 [ 5 ] Bug #2129838 - CVE-2022-3297 vim: use-after-free in process_next_cpt_value() at insexpand.c https://bugzilla.redhat.com/show_bug.cgi?id=2129838 [ 6 ] Bug #2131087 - CVE-2022-3352 vim: use after free https://bugzilla.redhat.com/show_bug.cgi?id=2131087 [ 7 ] Bug #2132558 - CVE-2022-3324 vim: stack buffer overflow in win_redr_ruler() at drawscreen.c https://bugzilla.redhat.com/show_bug.cgi?id=2132558 [ 8 ] Bug #2132571 - CVE-2022-3256 vim: use-after-free in movemark() at mark.c https://bugzilla.redhat.com/show_bug.cgi?id=2132571

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-40161673a3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : vim
Product : Fedora 36
Version : 9.0.720
Release : 1.fc36
URL : https://www.vim.org/
Summary : The VIM editor

Related News

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

8 Reasons Why Kali Linux is the Ultimate Operating System for Hackers

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy