SUSE-SU-2022:4619-1

Описание

This update for vim fixes the following issues:

Updated to version 9.0.0814:

• Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
• Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
• Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
• Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
• Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
• Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
• Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
• Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
• Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
• Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
• Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
• Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
• Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
• Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
• Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
• Fixing bsc#1200884 Vim: Error on startup
• Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
• Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
• Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
• Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
• Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
• Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
• Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
• Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
• Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
• Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
• Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
• Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
• Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
• Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
• Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
• Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
• Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
• Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
• Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
• Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
• Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
• Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
• Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
• Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
• Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
• Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
• Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
• Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
• Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
• Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
• Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
• Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
• Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
• Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
• Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
• Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
• Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
• Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
• Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
• Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
• Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
• Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
• Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
• Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free
• Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c
• Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read
• Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
• Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
• Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2.
• Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
• Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c
• Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2.
• Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range
• Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command
• Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars
• Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string
• Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path
• Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
• Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2
• Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2
• Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information
• Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read
• Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2
• Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2
• Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
• Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
• Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c
• Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2.
• Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
• Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
• Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
• Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
• Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
• Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
• Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
• Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
• Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
• Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
• Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
• Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
• Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
• Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
• Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c