openSUSE: 2024:0871-1 Important: Vim Buffer Overflow and Security Issues

March 13, 2024
This vim update addresses significant issues such as memory corruption and double-free flaws in openSUSE.

Description

This update for vim fixes the following issues:

* CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).

* CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).

* CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).

* CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).

* CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).

* CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).

* CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).

* CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).

* CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).

* CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).

Updated to version 9.1 with patch level 0111:

https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3

zypper in -t patch openSUSE-Leap-Micro-5.3-2024-871=1

* openSUSE Leap Micro 5.4

zypper in -t patch openSUSE-Leap-Micro-5.4-2024-871=1

* SUSE Linux Enterprise Micro for Rancher 5.3

zypper in -t patch SUSE-SLE-Micro-5.3-2024-871=1

* SUSE Linux Enterprise Micro 5.3

zypper in -t patch SUSE-SLE-Micro-5.3-2024-871=1

* SUSE Linux Enterprise Micro for Rancher 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2024-871=1

* SUSE Linux Enterprise Micro 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2024-871=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-871=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-871=1

* SUSE Linux Enterprise High Performance...


Package List

* openSUSE Leap Micro 5.3 (noarch)

* vim-data-common-9.1.0111-150000.5.60.1

* openSUSE Leap Micro 5.3 (aarch64 x86_64)

* vim-small-debuginfo-9.1.0111-150000.5.60.1

* vim-small-9.1.0111-150000.5.60.1

* vim-debugsource-9.1.0111-150000.5.60.1

* vim-debuginfo-9.1.0111-150000.5.60.1

* openSUSE Leap Micro 5.4 (noarch)

* vim-data-common-9.1.0111-150000.5.60.1

* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)

* vim-small-debuginfo-9.1.0111-150000.5.60.1

* vim-small-9.1.0111-150000.5.60.1

* vim-debugsource-9.1.0111-150000.5.60.1

* vim-debuginfo-9.1.0111-150000.5.60.1

* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)

* vim-data-common-9.1.0111-150000.5.60.1

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)

* vim-small-debuginfo-9.1.0111-150000.5.60.1

* vim-small-9.1.0111-150000.5.60.1

* vim-debugsource-9.1.0111-150000.5.60.1

* vim-debuginfo-9.1.0111-150000.5.60.1

* SUSE Linux Enterprise Micro 5.3 (noarch)

* vim-data-common-9.1.0111-150000.5.60.1

* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x...
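
To confirm that a host actually received the fixed packages, the installed version-release can be compared against the `9.1.0111-150000.5.60.1` build listed above. The following is an added example, not part of the SUSE advisory: it uses a simplified form of rpm's segment-wise version comparison (no epoch, `~` or `^` handling), and the sample `rpm -qa` output, including the older vim-small release string, is constructed.

```python
import re

# Fixed version-release, taken from the advisory's package list.
FIXED_EVR = "9.1.0111-150000.5.60.1"
# Package names as they appear in the advisory's package list.
VIM_PACKAGES = {"vim-small", "vim-data-common", "vim-debuginfo",
                "vim-debugsource", "vim-small-debuginfo"}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
vim-small 9.0.2103-150000.5.57.1
vim-data-common 9.1.0111-150000.5.60.1
bash 4.4-150400.25.22
"""

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no '~' or '^'): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 0111 == 111, 60 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare version-release strings; epoch is assumed absent."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_lines, fixed=FIXED_EVR):
    """Return {package: 'fixed' | 'needs-update'} for the advisory's packages."""
    status = {}
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in VIM_PACKAGES:
            name, evr = parts
            status[name] = "fixed" if evr_cmp(evr, fixed) >= 0 else "needs-update"
    return status

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE).items()):
        print(f"{name}: {state}")
```

A plain string comparison would rank release `5.9.1` above `5.60.1`; comparing segment by segment as integers avoids that.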


References

* bsc#1215005

* bsc#1217316

* bsc#1217320

* bsc#1217321

* bsc#1217324

* bsc#1217326

* bsc#1217329

* bsc#1217330

* bsc#1217432

* bsc#1219581

## References:

* https://www.suse.com/security/cve/CVE-2023-4750.html

* https://www.suse.com/security/cve/CVE-2023-48231.html

* https://www.suse.com/security/cve/CVE-2023-48232.html

* https://www.suse.com/security/cve/CVE-2023-48233.html

* https://www.suse.com/security/cve/CVE-2023-48234.html

* https://www.suse.com/security/cve/CVE-2023-48235.html

* https://www.suse.com/security/cve/CVE-2023-48236.html

* https://www.suse.com/security/cve/CVE-2023-48237.html

* https://www.suse.com/security/cve/CVE-2023-48706.html

* https://www.suse.com/security/cve/CVE-2024-22667.html

* https://bugzilla.suse.com/show_bug.cgi?id=1215005

* https://bugzilla.suse.com/show_bug.cgi?id=1217316

* https://bugzilla.suse.com/show_bug.cgi?id=1217320

* https://bugzilla.suse.com/show_bug.cgi?id=1217321

* https://bugzilla.suse.com/show_bug.cgi?id=1217324

* https://bugzilla.suse.com/show_bug.cgi?id=1217326

*...


Severity: important

Announcement ID: SUSE-SU-2024:0871-1
Rating: important
