Fedora 37: vim 2022-b9edf60581 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-b9edf60581
2022-09-14 00:18:15.239375
--------------------------------------------------------------------------------

Name        : vim
Product     : Fedora 37
Version     : 9.0.412
Release     : 1.fc37
URL         : https://www.vim.org/
Summary     : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor.  Vi was the first real screen-based editor for UNIX, and is
still very popular.  VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-3099, CVE-2022-3016, CVE-2022-2980, CVE-2022-2982
----  Security fixes for CVE-2022-2849, CVE-2022-2862, CVE-2022-3037,
CVE-2022-2845
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  8 2022 Zdenek Dohnal  - 2:9.0.412-1
- patchlevel 412
* Thu Sep  1 2022 Zdenek Dohnal  - 2:9.0.348-1
- patchlevel 348
* Tue Aug 30 2022 Zdenek Dohnal  - 2:9.0.327-1
- patchlevel 327
* Tue Aug 23 2022 Zdenek Dohnal  - 2:9.0.246-1
- patchlevel 246
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2119844 - CVE-2022-2845 vim: Buffer Under-read
        https://bugzilla.redhat.com/show_bug.cgi?id=2119844
  [ 2 ] Bug #2122137 - CVE-2022-2849 vim: heap-based buffer overflow in latin_ptr2len() at src/mbyte.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2122137
  [ 3 ] Bug #2122139 - CVE-2022-2862 vim: heap use-after-free in generate_PCALL() at src/vim9instr.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2122139
  [ 4 ] Bug #2122907 - CVE-2022-3037 vim: use after free in function qf_buf_add_line( )
        https://bugzilla.redhat.com/show_bug.cgi?id=2122907
  [ 5 ] Bug #2123709 - CVE-2022-2980 vim: null pointer dereference in do_mouse() at src/mouse.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2123709
  [ 6 ] Bug #2123714 - CVE-2022-2982 vim: use after free in qf_fill_buffer() at src/quickfix.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2123714
  [ 7 ] Bug #2124157 - CVE-2022-3099 vim: Use After Free in do_cmdline() in ex_docmd.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2124157
  [ 8 ] Bug #2124208 - CVE-2022-3016 vim: use-after-free in get_next_valid_entry() at src/quickfix.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2124208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-b9edf60581' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: vim 2022-b9edf60581

September 13, 2022
Security fix for CVE-2022-3099, CVE-2022-3016, CVE-2022-2980, CVE-2022-2982 ---- Security fixes for CVE-2022-2849, CVE-2022-2862, CVE-2022-3037, CVE-2022-2845

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

Update Information:

Security fix for CVE-2022-3099, CVE-2022-3016, CVE-2022-2980, CVE-2022-2982 ---- Security fixes for CVE-2022-2849, CVE-2022-2862, CVE-2022-3037, CVE-2022-2845

Change Log

* Thu Sep 8 2022 Zdenek Dohnal - 2:9.0.412-1 - patchlevel 412 * Thu Sep 1 2022 Zdenek Dohnal - 2:9.0.348-1 - patchlevel 348 * Tue Aug 30 2022 Zdenek Dohnal - 2:9.0.327-1 - patchlevel 327 * Tue Aug 23 2022 Zdenek Dohnal - 2:9.0.246-1 - patchlevel 246

References

[ 1 ] Bug #2119844 - CVE-2022-2845 vim: Buffer Under-read https://bugzilla.redhat.com/show_bug.cgi?id=2119844 [ 2 ] Bug #2122137 - CVE-2022-2849 vim: heap-based buffer overflow in latin_ptr2len() at src/mbyte.c https://bugzilla.redhat.com/show_bug.cgi?id=2122137 [ 3 ] Bug #2122139 - CVE-2022-2862 vim: heap use-after-free in generate_PCALL() at src/vim9instr.c https://bugzilla.redhat.com/show_bug.cgi?id=2122139 [ 4 ] Bug #2122907 - CVE-2022-3037 vim: use after free in function qf_buf_add_line( ) https://bugzilla.redhat.com/show_bug.cgi?id=2122907 [ 5 ] Bug #2123709 - CVE-2022-2980 vim: null pointer dereference in do_mouse() at src/mouse.c https://bugzilla.redhat.com/show_bug.cgi?id=2123709 [ 6 ] Bug #2123714 - CVE-2022-2982 vim: use after free in qf_fill_buffer() at src/quickfix.c https://bugzilla.redhat.com/show_bug.cgi?id=2123714 [ 7 ] Bug #2124157 - CVE-2022-3099 vim: Use After Free in do_cmdline() in ex_docmd.c https://bugzilla.redhat.com/show_bug.cgi?id=2124157 [ 8 ] Bug #2124208 - CVE-2022-3016 vim: use-after-free in get_next_valid_entry() at src/quickfix.c https://bugzilla.redhat.com/show_bug.cgi?id=2124208

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-b9edf60581' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : vim
Product : Fedora 37
Version : 9.0.412
Release : 1.fc37
URL : https://www.vim.org/
Summary : The VIM editor

News

Advisories

HOWTOs

Features

History of Malware on Linux and What's Being Done to Stop It
A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy