MGASA-2022-0223 - Updated vim packages fix security vulnerability
Publication date: 09 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0223.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-1851,
CVE-2022-1886,
CVE-2022-1897,
CVE-2022-1898,
CVE-2022-1927,
CVE-2022-1942
out-of-bounds read in gchar_cursor() in misc1.c (CVE-2022-1851)
use-after-free in find_pattern_in_path() in search.c (CVE-2022-1898)
out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)
buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927 )
out of bounds write in vim_regsub_both() (CVE-2022-1942)
heap-based buffer overflow in function utf_head_off (CVE-2022-1886)
References:
- https://bugs.mageia.org/show_bug.cgi?id=30503
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
SRPMS:
- 8/core/vim-8.2.5052-1.mga8
Mageia 2022-0223: vim security update
Summary
out-of-bounds read in gchar_cursor() in misc1.c (CVE-2022-1851)
use-after-free in find_pattern_in_path() in search.c (CVE-2022-1898)
out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)
buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927 )
out of bounds write in vim_regsub_both() (CVE-2022-1942)
heap-based buffer overflow in function utf_head_off (CVE-2022-1886)
References
- https://bugs.mageia.org/show_bug.cgi?id=30503
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
Resolution
MGASA-2022-0223 - Updated vim packages fix security vulnerability
SRPMS
- 8/core/vim-8.2.5052-1.mga8
Severity
Publication date: 09 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0223.html
Type: security
CVE: CVE-2022-1851,
CVE-2022-1886,
CVE-2022-1897,
CVE-2022-1898,
CVE-2022-1927,
CVE-2022-1942
News
HOWTOs
Features
How To Hide Your IP And Keep From Being Tracked
Which Browser is Best for Online Security?
Complete Guide to Using Wapiti Web Vulnerability Scanner to Keep Your Web Applications & Websites Secure
Guide to Web Application Penetration Testing
Thank You for Participating in Our Security Dashboard Redesign Survey
About Us
Powered By
