MGASA-2022-0203 - Updated vim packages fix security vulnerability

Publication date: 25 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0203.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0213,
     CVE-2022-0261,
     CVE-2022-0128,
     CVE-2022-0318,
     CVE-2022-0351,
     CVE-2022-0359,
     CVE-2022-0408,
     CVE-2022-0413,
     CVE-2022-0393,
     CVE-2022-0417,
     CVE-2022-0443,
     CVE-2022-0572,
     CVE-2022-0629,
     CVE-2022-0696,
     CVE-2022-0714,
     CVE-2022-0729,
     CVE-2022-0685,
     CVE-2022-0554,
     CVE-2022-0943,
     CVE-2022-1160,
     CVE-2022-1154,
     CVE-2022-1381,
     CVE-2022-1420,
     CVE-2022-1616,
     CVE-2022-1619,
     CVE-2022-1620,
     CVE-2022-1621,
     CVE-2022-1629,
     CVE-2022-1674,
     CVE-2022-1769,
     CVE-2022-1733

vim is vulnerable to out of bounds read (CVE-2022-0213)
Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261)
a heap-based OOB read of size 1 (CVE-2022-0128)
heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
access of memory location before start of buffer (CVE-2022-0351)
heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)
Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408)
use after free in src/ex_cmds.c (CVE-2022-0413)
out-of-bounds read in delete_buff_tail() in getchar.c (CVE-2022-0393)
heap-based-buffer-overflow in ex_retab() of src/indent.c (CVE-2022-0417)
heap-use-after-free in enter_buffer() of src/buffer.c (CVE-2022-0443)
heap overflow in ex_retab() may lead to crash (CVE-2022-0572)
Stack-based Buffer Overflow in vim prior to 8.2. (CVE-2022-0629)
NULL Pointer Dereference in vim prior to 8.2 (CVE-2022-0696)
buffer overflow (CVE-2022-0714)
Use of Out-of-range Pointer Offset (CVE-2022-0729)
Use of Out-of-range Pointer Offset in vim (CVE-2022-0685)
Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
heap buffer overflow in get_one_sourceline (CVE-2022-1160)
use after free in utf_ptr2char (CVE-2022-1154)
global heap buffer overflow in skip_range (CVE-2022-1381)
Out-of-range Pointer Offset (CVE-2022-1420)
heap-buffer-overflow in append_command of src/ex_docmd.c (CVE-2022-1616)
heap-buffer-overflow in cmdline_erase_chars of ex_getln.c (CVE-2022-1619)
NULL Pointer Dereference in vim_regexec_string() of regexp.c (CVE-2022-1620)
heap buffer overflow (CVE-2022-1621)
buffer over-read (CVE-2022-1629)
NULL pointer dereference in vim_regexec_string() of regexp.c (CVE-2022-1674)
a buffer over-read found in scriptfile.c (CVE-2022-1769)
Heap-based Buffer Overflow in cindent.c (CVE-2022-1733)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29972
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7JBXG3MU6EZWJGJD6UTHHONHGJBYPQQT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UCWG5L6CRQWACGVP7CYGESUB3G6QJ3GS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDNZ3N5S7UGKPUUKPGOQQGPJJK3YTW37/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/
- https://www.debian.org/lts/security/2022/dla-3011
- https://bugzilla.redhat.com/show_bug.cgi?id=2083924
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0261
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0318
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0351
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0408
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0413
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0393
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0417
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0443
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0572
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0685
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0554
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0943
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1381
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1674
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733

SRPMS:
- 8/core/vim-8.2.4975-1.mga8

Mageia 2022-0203: vim security update

vim is vulnerable to out of bounds read (CVE-2022-0213) Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261) a heap-based OOB read of size 1 (CVE-2022-0128) he...

Summary

vim is vulnerable to out of bounds read (CVE-2022-0213) Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261) a heap-based OOB read of size 1 (CVE-2022-0128) heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318) access of memory location before start of buffer (CVE-2022-0351) heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359) Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408) use after free in src/ex_cmds.c (CVE-2022-0413) out-of-bounds read in delete_buff_tail() in getchar.c (CVE-2022-0393) heap-based-buffer-overflow in ex_retab() of src/indent.c (CVE-2022-0417) heap-use-after-free in enter_buffer() of src/buffer.c (CVE-2022-0443) heap overflow in ex_retab() may lead to crash (CVE-2022-0572) Stack-based Buffer Overflow in vim prior to 8.2. (CVE-2022-0629) NULL Pointer Dereference in vim prior to 8.2 (CVE-2022-0696) buffer overflow (CVE-2022-0714) Use of Out-of-range Pointer Offset (CVE-2022-0729) Use of Out-of-range Pointer Offset in vim (CVE-2022-0685) Use of Out-of-range Pointer Offset in vim (CVE-2022-0554) Heap-based Buffer Overflow occurs in vim (CVE-2022-0943) heap buffer overflow in get_one_sourceline (CVE-2022-1160) use after free in utf_ptr2char (CVE-2022-1154) global heap buffer overflow in skip_range (CVE-2022-1381) Out-of-range Pointer Offset (CVE-2022-1420) heap-buffer-overflow in append_command of src/ex_docmd.c (CVE-2022-1616) heap-buffer-overflow in cmdline_erase_chars of ex_getln.c (CVE-2022-1619) NULL Pointer Dereference in vim_regexec_string() of regexp.c (CVE-2022-1620) heap buffer overflow (CVE-2022-1621) buffer over-read (CVE-2022-1629) NULL pointer dereference in vim_regexec_string() of regexp.c (CVE-2022-1674) a buffer over-read found in scriptfile.c (CVE-2022-1769) Heap-based Buffer Overflow in cindent.c (CVE-2022-1733)

References

- https://bugs.mageia.org/show_bug.cgi?id=29972

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7JBXG3MU6EZWJGJD6UTHHONHGJBYPQQT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UCWG5L6CRQWACGVP7CYGESUB3G6QJ3GS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDNZ3N5S7UGKPUUKPGOQQGPJJK3YTW37/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/

- https://www.debian.org/lts/security/2022/dla-3011

- https://bugzilla.redhat.com/show_bug.cgi?id=2083924

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0261

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0318

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0351

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0408

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0413

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0393

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0417

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0443

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0572

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0629

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0714

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0729

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0685

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0554

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0943

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1160

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1381

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1420

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1674

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1769

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733

Resolution

MGASA-2022-0203 - Updated vim packages fix security vulnerability

SRPMS

- 8/core/vim-8.2.4975-1.mga8

Severity
Publication date: 25 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0203.html
Type: security
CVE: CVE-2022-0213, CVE-2022-0261, CVE-2022-0128, CVE-2022-0318, CVE-2022-0351, CVE-2022-0359, CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443, CVE-2022-0572, CVE-2022-0629, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0685, CVE-2022-0554, CVE-2022-0943, CVE-2022-1160, CVE-2022-1154, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1769, CVE-2022-1733

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved