SUSE: 2022:3229-1 important: vim | LinuxSecurity.com

   SUSE Security Update: Security update for vim
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3229-1
Rating:             important
References:         #1200270 #1200697 #1200698 #1200700 #1200701 
                    #1200732 #1200884 #1200902 #1200903 #1200904 
                    #1201132 #1201133 #1201134 #1201135 #1201136 
                    #1201150 #1201151 #1201152 #1201153 #1201154 
                    #1201155 #1201249 #1201356 #1201359 #1201363 
                    #1201620 #1201863 #1202046 #1202049 #1202050 
                    #1202051 #1202414 #1202420 #1202421 #1202511 
                    #1202512 #1202515 #1202552 #1202599 #1202687 
                    #1202689 #1202862 
Cross-References:   CVE-2022-1720 CVE-2022-1968 CVE-2022-2124
                    CVE-2022-2125 CVE-2022-2126 CVE-2022-2129
                    CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
                    CVE-2022-2206 CVE-2022-2207 CVE-2022-2208
                    CVE-2022-2210 CVE-2022-2231 CVE-2022-2257
                    CVE-2022-2264 CVE-2022-2284 CVE-2022-2285
                    CVE-2022-2286 CVE-2022-2287 CVE-2022-2304
                    CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
                    CVE-2022-2522 CVE-2022-2571 CVE-2022-2580
                    CVE-2022-2581 CVE-2022-2598 CVE-2022-2816
                    CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
                    CVE-2022-2849 CVE-2022-2862 CVE-2022-2874
                    CVE-2022-2889 CVE-2022-2923 CVE-2022-2946
                    CVE-2022-3016
CVSS scores:
                    CVE-2022-1720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-1720 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-1968 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-1968 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
                    CVE-2022-2124 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2124 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2125 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2126 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2129 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2175 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2175 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2182 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2182 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
                    CVE-2022-2183 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2183 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2022-2206 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2206 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2022-2207 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2207 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2208 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2210 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2210 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-2231 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2231 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2257 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2257 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2264 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2264 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2284 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2284 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2285 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2285 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
                    CVE-2022-2286 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2286 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2287 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2022-2287 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2304 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2304 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-2343 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2343 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2344 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2345 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2345 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2522 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2522 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2571 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2571 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-2580 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2580 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-2581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2581 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2022-2598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2598 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2816 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2816 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2817 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2817 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2819 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2819 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2845 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2845 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2849 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2862 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
                    CVE-2022-2874 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2874 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2889 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2889 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2923 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-2923 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-2946 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-2946 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-3016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-3016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves 40 vulnerabilities and has two fixes
   is now available.

Description:

   This update for vim fixes the following issues:

   Updated to version 9.0 with patch level 0313:

   - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent()
     (bsc#1200902).
   - CVE-2022-2182: Fixed heap-based buffer overflow through
     parse_cmd_address() (bsc#1200903).
   - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg()
     (bsc#1200904).
   - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl()
     (bsc#1201249).
   - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim
     prior to 9.0.0044 (bsc#1201356).
   - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to
     9.0.0045 (bsc#1201359).
   - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to
     9.0.0046. (bsc#1201363).
   - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock()
     (bsc#1202414).
   - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar()
     (bsc#1202552).
   - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
   - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
   - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent()
     (bsc#1200698).
   - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk()
     (bsc#1200700).
   - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both()
     (bsc#1200701).
   - CVE-2022-1720: Fixed out of bounds read in grab_file_name()
     (bsc#1200732).
   - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
   - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
   - CVE-2022-2285: Fixed negative size passed to memmove() due to integer
     overflow (bsc#1201134).
   - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
   - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk()
     (bsc#1201136).
   - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
   - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
   - CVE-2022-2208: Fixed null pointer dereference in diff_check()
     (bsc#1201152).
   - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
   - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special()
     (bsc#1201154).
   - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr()
     (bsc#1201155).
   - CVE-2022-2522: Fixed out of bounds read via nested autocommand
     (bsc#1201863).
   - CVE-2022-2571: Fixed heap-based buffer overflow related to
     ins_comp_get_next_word_or_line() (bsc#1202046).
   - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string()
     (bsc#1202049).
   - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr()
     (bsc#1202050).
   - CVE-2022-2598: Fixed undefined behavior for Input to API related to
     diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
   - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
   - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet()
     (bsc#1202421).
   - CVE-2022-2862: Fixed use-after-free in compile_nested_function()
     (bsc#1202511).
   - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len()
     (bsc#1202512).
   - CVE-2022-2845: Fixed buffer Over-read related to display_dollar()
     (bsc#1202515).
   - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in
     evalvars.c (bsc#1202599).
   - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository
     vim/vim prior to 9.0.0240 (bsc#1202687).
   - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval
     (bsc#1202689).
   - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285
     (bsc#1202862).

   Bugfixes:

   - Fixing vim error on startup (bsc#1200884).
   - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib
     issue (bsc#1201620).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3229=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3229=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3229=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3229=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3229=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3229=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3229=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3229=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3229=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3229=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3229=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3229=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3229=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3229=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3229=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3229=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3229=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3229=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3229=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3229=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-3229=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - openSUSE Leap Micro 5.2 (noarch):

      vim-data-common-9.0.0313-150000.5.25.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - openSUSE Leap 15.4 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - openSUSE Leap 15.3 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Manager Server 4.1 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Manager Proxy 4.1 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Manager Proxy 4.1 (x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Micro 5.2 (noarch):

      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1
      vim-small-9.0.0313-150000.5.25.1
      vim-small-debuginfo-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise Micro 5.1 (noarch):

      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Enterprise Storage 7 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1

   - SUSE Enterprise Storage 6 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE CaaS Platform 4.0 (noarch):

      vim-data-9.0.0313-150000.5.25.1
      vim-data-common-9.0.0313-150000.5.25.1

   - SUSE CaaS Platform 4.0 (x86_64):

      gvim-9.0.0313-150000.5.25.1
      gvim-debuginfo-9.0.0313-150000.5.25.1
      vim-9.0.0313-150000.5.25.1
      vim-debuginfo-9.0.0313-150000.5.25.1
      vim-debugsource-9.0.0313-150000.5.25.1


References:

   https://www.suse.com/security/cve/CVE-2022-1720.html
   https://www.suse.com/security/cve/CVE-2022-1968.html
   https://www.suse.com/security/cve/CVE-2022-2124.html
   https://www.suse.com/security/cve/CVE-2022-2125.html
   https://www.suse.com/security/cve/CVE-2022-2126.html
   https://www.suse.com/security/cve/CVE-2022-2129.html
   https://www.suse.com/security/cve/CVE-2022-2175.html
   https://www.suse.com/security/cve/CVE-2022-2182.html
   https://www.suse.com/security/cve/CVE-2022-2183.html
   https://www.suse.com/security/cve/CVE-2022-2206.html
   https://www.suse.com/security/cve/CVE-2022-2207.html
   https://www.suse.com/security/cve/CVE-2022-2208.html
   https://www.suse.com/security/cve/CVE-2022-2210.html
   https://www.suse.com/security/cve/CVE-2022-2231.html
   https://www.suse.com/security/cve/CVE-2022-2257.html
   https://www.suse.com/security/cve/CVE-2022-2264.html
   https://www.suse.com/security/cve/CVE-2022-2284.html
   https://www.suse.com/security/cve/CVE-2022-2285.html
   https://www.suse.com/security/cve/CVE-2022-2286.html
   https://www.suse.com/security/cve/CVE-2022-2287.html
   https://www.suse.com/security/cve/CVE-2022-2304.html
   https://www.suse.com/security/cve/CVE-2022-2343.html
   https://www.suse.com/security/cve/CVE-2022-2344.html
   https://www.suse.com/security/cve/CVE-2022-2345.html
   https://www.suse.com/security/cve/CVE-2022-2522.html
   https://www.suse.com/security/cve/CVE-2022-2571.html
   https://www.suse.com/security/cve/CVE-2022-2580.html
   https://www.suse.com/security/cve/CVE-2022-2581.html
   https://www.suse.com/security/cve/CVE-2022-2598.html
   https://www.suse.com/security/cve/CVE-2022-2816.html
   https://www.suse.com/security/cve/CVE-2022-2817.html
   https://www.suse.com/security/cve/CVE-2022-2819.html
   https://www.suse.com/security/cve/CVE-2022-2845.html
   https://www.suse.com/security/cve/CVE-2022-2849.html
   https://www.suse.com/security/cve/CVE-2022-2862.html
   https://www.suse.com/security/cve/CVE-2022-2874.html
   https://www.suse.com/security/cve/CVE-2022-2889.html
   https://www.suse.com/security/cve/CVE-2022-2923.html
   https://www.suse.com/security/cve/CVE-2022-2946.html
   https://www.suse.com/security/cve/CVE-2022-3016.html
   https://bugzilla.suse.com/1200270
   https://bugzilla.suse.com/1200697
   https://bugzilla.suse.com/1200698
   https://bugzilla.suse.com/1200700
   https://bugzilla.suse.com/1200701
   https://bugzilla.suse.com/1200732
   https://bugzilla.suse.com/1200884
   https://bugzilla.suse.com/1200902
   https://bugzilla.suse.com/1200903
   https://bugzilla.suse.com/1200904
   https://bugzilla.suse.com/1201132
   https://bugzilla.suse.com/1201133
   https://bugzilla.suse.com/1201134
   https://bugzilla.suse.com/1201135
   https://bugzilla.suse.com/1201136
   https://bugzilla.suse.com/1201150
   https://bugzilla.suse.com/1201151
   https://bugzilla.suse.com/1201152
   https://bugzilla.suse.com/1201153
   https://bugzilla.suse.com/1201154
   https://bugzilla.suse.com/1201155
   https://bugzilla.suse.com/1201249
   https://bugzilla.suse.com/1201356
   https://bugzilla.suse.com/1201359
   https://bugzilla.suse.com/1201363
   https://bugzilla.suse.com/1201620
   https://bugzilla.suse.com/1201863
   https://bugzilla.suse.com/1202046
   https://bugzilla.suse.com/1202049
   https://bugzilla.suse.com/1202050
   https://bugzilla.suse.com/1202051
   https://bugzilla.suse.com/1202414
   https://bugzilla.suse.com/1202420
   https://bugzilla.suse.com/1202421
   https://bugzilla.suse.com/1202511
   https://bugzilla.suse.com/1202512
   https://bugzilla.suse.com/1202515
   https://bugzilla.suse.com/1202552
   https://bugzilla.suse.com/1202599
   https://bugzilla.suse.com/1202687
   https://bugzilla.suse.com/1202689
   https://bugzilla.suse.com/1202862

SUSE: 2022:3229-1 important: vim

September 9, 2022
An update that solves 40 vulnerabilities and has two fixes is now available

Summary

This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3229=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3229=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3229=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3229=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3229=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3229=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3229=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3229=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3229=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3229=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3229=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3229=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3229=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3229=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3229=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3229=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3229=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3229=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3229=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3229=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3229=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - openSUSE Leap Micro 5.2 (noarch): vim-data-common-9.0.0313-150000.5.25.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - openSUSE Leap 15.4 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - openSUSE Leap 15.3 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Manager Server 4.1 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Manager Retail Branch Server 4.1 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Manager Proxy 4.1 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Manager Proxy 4.1 (x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 vim-small-9.0.0313-150000.5.25.1 vim-small-debuginfo-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Enterprise Storage 7 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1 - SUSE Enterprise Storage 6 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE CaaS Platform 4.0 (noarch): vim-data-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 - SUSE CaaS Platform 4.0 (x86_64): gvim-9.0.0313-150000.5.25.1 gvim-debuginfo-9.0.0313-150000.5.25.1 vim-9.0.0313-150000.5.25.1 vim-debuginfo-9.0.0313-150000.5.25.1 vim-debugsource-9.0.0313-150000.5.25.1

References

#1200270 #1200697 #1200698 #1200700 #1200701

#1200732 #1200884 #1200902 #1200903 #1200904

#1201132 #1201133 #1201134 #1201135 #1201136

#1201150 #1201151 #1201152 #1201153 #1201154

#1201155 #1201249 #1201356 #1201359 #1201363

#1201620 #1201863 #1202046 #1202049 #1202050

#1202051 #1202414 #1202420 #1202421 #1202511

#1202512 #1202515 #1202552 #1202599 #1202687

#1202689 #1202862

Cross- CVE-2022-1720 CVE-2022-1968 CVE-2022-2124

CVE-2022-2125 CVE-2022-2126 CVE-2022-2129

CVE-2022-2175 CVE-2022-2182 CVE-2022-2183

CVE-2022-2206 CVE-2022-2207 CVE-2022-2208

CVE-2022-2210 CVE-2022-2231 CVE-2022-2257

CVE-2022-2264 CVE-2022-2284 CVE-2022-2285

CVE-2022-2286 CVE-2022-2287 CVE-2022-2304

CVE-2022-2343 CVE-2022-2344 CVE-2022-2345

CVE-2022-2522 CVE-2022-2571 CVE-2022-2580

CVE-2022-2581 CVE-2022-2598 CVE-2022-2816

CVE-2022-2817 CVE-2022-2819 CVE-2022-2845

CVE-2022-2849 CVE-2022-2862 CVE-2022-2874

CVE-2022-2889 CVE-2022-2923 CVE-2022-2946

CVE-2022-3016

CVSS scores:

CVE-2022-1720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1720 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-1968 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1968 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVE-2022-2124 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2124 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2125 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2126 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2129 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2175 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2175 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2182 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2182 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

CVE-2022-2183 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2183 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVE-2022-2206 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2206 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVE-2022-2207 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2207 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2208 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2210 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2210 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-2231 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2231 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2257 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2257 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2264 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2264 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2284 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2284 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2285 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2285 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVE-2022-2286 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2286 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2287 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2022-2287 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2304 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2304 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-2343 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2343 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2344 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2345 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2345 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2522 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2522 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2571 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2571 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-2580 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2580 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-2581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2581 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2022-2598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2598 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2816 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2816 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2817 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2817 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2819 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2819 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2845 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2845 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2849 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2862 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVE-2022-2874 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2874 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2889 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2889 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2923 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-2923 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-2946 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-2946 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-3016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-3016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Enterprise Storage 7

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP4

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP4

SUSE Linux Enterprise Module for Desktop Applications 15-SP3

SUSE Linux Enterprise Module for Desktop Applications 15-SP4

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server 15-SP2-BCL

SUSE Linux Enterprise Server 15-SP2-LTSS

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server 15-SP4

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP 15-SP2

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP4

SUSE Linux Enterprise Storage 7.1

SUSE Manager Proxy 4.1

SUSE Manager Proxy 4.2

SUSE Manager Proxy 4.3

SUSE Manager Retail Branch Server 4.1

SUSE Manager Retail Branch Server 4.2

SUSE Manager Retail Branch Server 4.3

SUSE Manager Server 4.1

SUSE Manager Server 4.2

SUSE Manager Server 4.3

openSUSE Leap 15.3

openSUSE Leap 15.4

openSUSE Leap Micro 5.2

https://www.suse.com/security/cve/CVE-2022-1720.html

https://www.suse.com/security/cve/CVE-2022-1968.html

https://www.suse.com/security/cve/CVE-2022-2124.html

https://www.suse.com/security/cve/CVE-2022-2125.html

https://www.suse.com/security/cve/CVE-2022-2126.html

https://www.suse.com/security/cve/CVE-2022-2129.html

https://www.suse.com/security/cve/CVE-2022-2175.html

https://www.suse.com/security/cve/CVE-2022-2182.html

https://www.suse.com/security/cve/CVE-2022-2183.html

https://www.suse.com/security/cve/CVE-2022-2206.html

https://www.suse.com/security/cve/CVE-2022-2207.html

https://www.suse.com/security/cve/CVE-2022-2208.html

https://www.suse.com/security/cve/CVE-2022-2210.html

https://www.suse.com/security/cve/CVE-2022-2231.html

https://www.suse.com/security/cve/CVE-2022-2257.html

https://www.suse.com/security/cve/CVE-2022-2264.html

https://www.suse.com/security/cve/CVE-2022-2284.html

https://www.suse.com/security/cve/CVE-2022-2285.html

https://www.suse.com/security/cve/CVE-2022-2286.html

https://www.suse.com/security/cve/CVE-2022-2287.html

https://www.suse.com/security/cve/CVE-2022-2304.html

https://www.suse.com/security/cve/CVE-2022-2343.html

https://www.suse.com/security/cve/CVE-2022-2344.html

https://www.suse.com/security/cve/CVE-2022-2345.html

https://www.suse.com/security/cve/CVE-2022-2522.html

https://www.suse.com/security/cve/CVE-2022-2571.html

https://www.suse.com/security/cve/CVE-2022-2580.html

https://www.suse.com/security/cve/CVE-2022-2581.html

https://www.suse.com/security/cve/CVE-2022-2598.html

https://www.suse.com/security/cve/CVE-2022-2816.html

https://www.suse.com/security/cve/CVE-2022-2817.html

https://www.suse.com/security/cve/CVE-2022-2819.html

https://www.suse.com/security/cve/CVE-2022-2845.html

https://www.suse.com/security/cve/CVE-2022-2849.html

https://www.suse.com/security/cve/CVE-2022-2862.html

https://www.suse.com/security/cve/CVE-2022-2874.html

https://www.suse.com/security/cve/CVE-2022-2889.html

https://www.suse.com/security/cve/CVE-2022-2923.html

https://www.suse.com/security/cve/CVE-2022-2946.html

https://www.suse.com/security/cve/CVE-2022-3016.html

https://bugzilla.suse.com/1200270

https://bugzilla.suse.com/1200697

https://bugzilla.suse.com/1200698

https://bugzilla.suse.com/1200700

https://bugzilla.suse.com/1200701

https://bugzilla.suse.com/1200732

https://bugzilla.suse.com/1200884

https://bugzilla.suse.com/1200902

https://bugzilla.suse.com/1200903

https://bugzilla.suse.com/1200904

https://bugzilla.suse.com/1201132

https://bugzilla.suse.com/1201133

https://bugzilla.suse.com/1201134

https://bugzilla.suse.com/1201135

https://bugzilla.suse.com/1201136

https://bugzilla.suse.com/1201150

https://bugzilla.suse.com/1201151

https://bugzilla.suse.com/1201152

https://bugzilla.suse.com/1201153

https://bugzilla.suse.com/1201154

https://bugzilla.suse.com/1201155

https://bugzilla.suse.com/1201249

https://bugzilla.suse.com/1201356

https://bugzilla.suse.com/1201359

https://bugzilla.suse.com/1201363

https://bugzilla.suse.com/1201620

https://bugzilla.suse.com/1201863

https://bugzilla.suse.com/1202046

https://bugzilla.suse.com/1202049

https://bugzilla.suse.com/1202050

https://bugzilla.suse.com/1202051

https://bugzilla.suse.com/1202414

https://bugzilla.suse.com/1202420

https://bugzilla.suse.com/1202421

https://bugzilla.suse.com/1202511

https://bugzilla.suse.com/1202512

https://bugzilla.suse.com/1202515

https://bugzilla.suse.com/1202552

https://bugzilla.suse.com/1202599

https://bugzilla.suse.com/1202687

https://bugzilla.suse.com/1202689

https://bugzilla.suse.com/1202862

Severity
Announcement ID: SUSE-SU-2022:3229-1
Rating: important

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.