SUSE-SU-2022:3229-1

Описание

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

• CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
• CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
• CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
• CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
• CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
• CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
• CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
• CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
• CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
• CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
• CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
• CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
• CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
• CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
• CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
• CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
• CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
• CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
• CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
• CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
• CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
• CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
• CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
• CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
• CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
• CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
• CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
• CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
• CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
• CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
• CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
• CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
• CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
• CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
• CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
• CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
• CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
• CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
• CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
• CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

• Fixing vim error on startup (bsc#1200884).
• Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).