Description
Security update for vim
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).
- CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028).
- CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071).
- CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072).
- CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075).
- CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077).
- CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797).
- CVE-2022-3705: Fixed a use-after-free issue that could cause a crash or memory corruption (bsc#1204779).
Package list
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-Basic-On-Demand
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-HPC-On-Demand
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-Azure-Standard-On-Demand
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2023:0209-1
- E-Mail link for SUSE-SU-2023:0209-1
- SUSE Security Ratings
- SUSE Bug 1204779
- SUSE Bug 1205797
- SUSE Bug 1206028
- SUSE Bug 1206071
- SUSE Bug 1206072
- SUSE Bug 1206075
- SUSE Bug 1206077
- SUSE Bug 1206866
- SUSE Bug 1206867
- SUSE Bug 1206868
- SUSE Bug 1207162
- SUSE Bug 1207396
- SUSE CVE CVE-2022-3491 page
- SUSE CVE CVE-2022-3520 page
- SUSE CVE CVE-2022-3591 page
- SUSE CVE CVE-2022-3705 page
- SUSE CVE CVE-2022-4141 page
Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
Affected products
References
- CVE-2022-3491
- SUSE Bug 1206028
Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Affected products
References
- CVE-2022-3520
- SUSE Bug 1206071
- SUSE Bug 1208100
- SUSE Bug 1208649
- SUSE Bug 1208651
Description
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
Affected products
References
- CVE-2022-3591
- SUSE Bug 1206072
- SUSE Bug 1208100
- SUSE Bug 1208649
Description
A vulnerability was found in vim and classified as problematic. The issue affects the function qf_update_buffer in the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 addresses this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
Affected products
References
- CVE-2022-3705
- SUSE Bug 1204779
Description
Heap-based buffer overflow in vim/vim 9.0.0946 and below, triggered when an attacker uses CTRL-W gf in the expression used in the RHS of the substitute command.
Affected products
References
- CVE-2022-4141
- SUSE Bug 1205797
- SUSE Bug 1208649
- SUSE Bug 1208651
Description
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
Affected products
References
- CVE-2022-4292
- SUSE Bug 1206075
- SUSE Bug 1208100
- SUSE Bug 1208649
- SUSE Bug 1208651
Description
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Affected products
References
- CVE-2022-4293
- SUSE Bug 1206077
- SUSE Bug 1211489
Description
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Affected products
References
- CVE-2023-0049
- SUSE Bug 1206866
Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Affected products
References
- CVE-2023-0051
- SUSE Bug 1206867
Description
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Affected products
References
- CVE-2023-0054
- SUSE Bug 1206868
Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
Affected products
References
- CVE-2023-0288
- SUSE Bug 1207162
Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Affected products
References
- CVE-2023-0433
- SUSE Bug 1207396