Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 38: FEDORA-2023-eec2cdb7ed Major: vim Buffer Overflow Fix

fedora
Calendar Grey November 26, 2023
Dist Fedora Esm H88
Alert for Fedora 38 users: vim contains critical security flaws. Ensure you obtain the most recent updates for your software.
The newest upstream commit Security fixes for CVE-2023-48233, CVE-2023-48231, CVE-2023-48232, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

Update Information:

The newest upstream commit Security fixes for CVE-2023-48233, CVE-2023-48231, CVE-2023-48232, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237.

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora memory leak vim

Change Log

* Wed Nov 22 2023 Zdenek Dohnal - 2:9.0.2120-1 - patchlevel 2120

References


[ 1 ] Bug #2250268 - CVE-2023-48231 vim: use after free in win_close() https://bugzilla.redhat.com/show_bug.cgi?id=2250268 [ 2 ] Bug #2250269 - CVE-2023-48232 vim: floating point exception in adjust_plines_for_skipcol() https://bugzilla.redhat.com/show_bug.cgi?id=2250269 [ 3 ] Bug #2250270 - CVE-2023-48233 vim: overflow with count for :s command https://bugzilla.redhat.com/show_bug.cgi?id=2250270 [ 4 ] Bug #2250271 - CVE-2023-48234 vim: overflow in nv_z_get_count https://bugzilla.redhat.com/show_bug.cgi?id=2250271 [ 5 ] Bug #2250272 - CVE-2023-48235 vim: overflow in ex address parsing https://bugzilla.redhat.com/show_bug.cgi?id=2250272 [ 6 ] Bug #2250273 - CVE-2023-48236 vim: overflow in get_number https://bugzilla.redhat.com/show_bug.cgi?id=2250273 [ 7 ] Bug #2250274 - CVE-2023-48237 vim: buffer overflow in shift_line https://bugzilla.redhat.com/show_bug.cgi?id=2250274

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-eec2cdb7ed' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: vim
Product: Fedora 38
Version: 9.0.2120
Release: 1.fc38
URL: https://www.vim.org/
Summary: The VIM editor

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora memory leak vim

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here