Description
Security update for vim
This update for vim fixes the following issues:
Security issues fixed:
- CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724)
- CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053)
- CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057)
Non-security issues fixed:
- Speed up YAML syntax highlighting (bsc#1018870)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
References
- Link for SUSE-SU-2017:1712-1
- E-Mail link for SUSE-SU-2017:1712-1
- SUSE Security Ratings
- SUSE Bug 1018870
- SUSE Bug 1024724
- SUSE Bug 1027053
- SUSE Bug 1027057
- SUSE CVE CVE-2017-5953 page
- SUSE CVE CVE-2017-6349 page
- SUSE CVE CVE-2017-6350 page
Description
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Affected products
References
- CVE-2017-5953
- SUSE Bug 1024724
- SUSE Bug 1123143
- SUSE Bug 1173534
Description
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Affected products
References
- CVE-2017-6349
- SUSE Bug 1027057
Description
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
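The three CVE descriptions above share one pattern: a length read from a file is multiplied into an allocation size without validation. The following is an added illustration of that pattern and a checked alternative; it is not vim's code or the upstream patch, and the 4-byte big-endian field layout, the function names and the "at least one byte per entry" bound are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 4-byte big-endian length field (layout assumed for illustration). */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern: the byte count is kept in 32 bits, so a large
 * length wraps to a small allocation that later writes overrun. */
static uint32_t unchecked_alloc_size(uint32_t len, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)len * elem_size);
}

/* Checked pattern: reject a length that would overflow size_t or that
 * the rest of the file cannot back (assumes >= 1 file byte per entry).
 * Returns 0 and sets *out_bytes on success, -1 on rejection. */
static int checked_alloc_size(uint32_t len, size_t elem_size,
                              size_t bytes_remaining, size_t *out_bytes)
{
    if (len == 0 || elem_size == 0)
        return -1;
    if (len > SIZE_MAX / elem_size)   /* multiplication would wrap */
        return -1;
    if (len > bytes_remaining)        /* file too short for this claim */
        return -1;
    *out_bytes = (size_t)len * elem_size;
    return 0;
}

int main(void)
{
    /* Constructed sample: a header claiming 0x40000001 entries while
     * only 12 bytes of file remain after the length field. */
    const unsigned char corrupted[4] = { 0x40, 0x00, 0x00, 0x01 };
    uint32_t len = read_be32(corrupted);
    size_t bytes = 0;

    printf("claimed entries: %u\n", (unsigned)len);
    printf("unchecked size:  %u bytes\n",
           (unsigned)unchecked_alloc_size(len, 4));
    printf("checked result:  %s\n",
           checked_alloc_size(len, 4, 12, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Bounding the claimed length by the bytes left in the file rejects the corrupted header on both 32-bit and 64-bit builds, even where the `size_t` multiplication itself would not wrap.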
Affected products
References
- CVE-2017-6350
- SUSE Bug 1027053