ELSA-2022-5319

Опубликовано: 01 июл. 2022

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2022-5319: vim security update (MODERATE)

[2:8.0.1763-19.0.1.2]

Remove upstream references [Orabug: 31197557]
Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984]

[2:8.0.1763-19.2]

CVE-2022-1621 vim: heap buffer overflow
CVE-2022-1629 vim: buffer over-read

[2:8.0.1763-19.1]

CVE-2022-1154 vim: use after free in utf_ptr2char

[2:8.0.1763-19]

CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository

[2:8.0.1763-18]

CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
CVE-2022-0413 vim: use after free in src/ex_cmds.c

[2:8.0.1763-18]

fix test suite after fix for CVE-2022-0318
CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c

[2:8.0.1763-18]

CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c

[2:8.0.1763-18]

CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
CVE-2021-4192 vim: vulnerable to Use After Free

[2:8.0.1763-18]

2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]

[2:8.0.1763-17]

2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

vim-X11

8.0.1763-19.0.1.el8_6.2

vim-common

8.0.1763-19.0.1.el8_6.2

vim-enhanced

8.0.1763-19.0.1.el8_6.2

vim-filesystem

8.0.1763-19.0.1.el8_6.2

vim-minimal

8.0.1763-19.0.1.el8_6.2

Oracle Linux x86_64

vim-X11

8.0.1763-19.0.1.el8_6.2

vim-common

8.0.1763-19.0.1.el8_6.2

vim-enhanced

8.0.1763-19.0.1.el8_6.2

vim-filesystem

8.0.1763-19.0.1.el8_6.2

vim-minimal

8.0.1763-19.0.1.el8_6.2

Связанные CVE

CVE-2022-1629

CVE-2022-1621

Ссылки на источники

Связанные уязвимости

RLSA-2022:5319

rocky

почти 3 года назад

Moderate: vim security update

ELSA-2022-5242

oracle-oval

почти 3 года назад

ELSA-2022-5242: vim security update (MODERATE)

CVE-2022-1629

CVSS3: 7.8

ubuntu

около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

CVE-2022-1629

CVSS3: 7.8

redhat

около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

CVE-2022-1629

CVSS3: 7.8

nvd

около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution