SUSE-SU-2024:4330-1

Опубликовано: 16 дек. 2024

Источник: suse-cvrf

Описание

Security update for vim

This update for vim fixes the following issues:

CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

Updated to version 9.1.0836

Список пакетов

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Container suse/manager/5.0/x86_64/server:latest

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Container suse/sle-micro/5.5/toolbox:latest

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Container suse/sle-micro/5.5:latest

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Container suse/sles/15.7/virt-launcher:1.4.0

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Azure-3P

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Azure-Basic

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Azure-Standard

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-Aliyun

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-GDC

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-HPC-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-HPC-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-HPC-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-HPC-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Hardened-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Hardened-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Hardened-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-BYOS

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-Azure

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-BYOS

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-BYOS-Azure

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-BYOS-EC2

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-BYOS-GCE

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-EC2

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-Micro-5-5-GCE

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Azure-3P

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Hardened-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAP-Hardened-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAPCAL-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAPCAL-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP5-SAPCAL-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Azure-Basic

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Azure-Standard

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-Aliyun

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-GDC

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-EC2-ECS-HVM

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-HPC-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Hardened-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Hardened-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Hardened-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-Hardened-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-BYOS

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAP-Hardened-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAPCAL

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAPCAL-Azure

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAPCAL-EC2

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image SLES15-SP6-SAPCAL-GCE

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

Image server-image

vim-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

SUSE Linux Enterprise Micro 5.5

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

vim-9.1.0836-150500.20.15.1

vim-data-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

vim-9.1.0836-150500.20.15.1

vim-data-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

gvim-9.1.0836-150500.20.15.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

gvim-9.1.0836-150500.20.15.1

openSUSE Leap 15.5

gvim-9.1.0836-150500.20.15.1

vim-9.1.0836-150500.20.15.1

vim-data-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

openSUSE Leap 15.6

gvim-9.1.0836-150500.20.15.1

vim-9.1.0836-150500.20.15.1

vim-data-9.1.0836-150500.20.15.1

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

openSUSE Leap Micro 5.5

vim-data-common-9.1.0836-150500.20.15.1

vim-small-9.1.0836-150500.20.15.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244330-1/
Link for SUSE-SU-2024:4330-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020004.html
E-Mail link for SUSE-SU-2024:4330-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1229238
SUSE Bug 1229238
https://bugzilla.suse.com/1231373
SUSE Bug 1231373
https://www.suse.com/security/cve/CVE-2024-43374/
SUSE CVE CVE-2024-43374 page
https://www.suse.com/security/cve/CVE-2024-47814/
SUSE CVE CVE-2024-47814 page

Описание

The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Затронутые продукты

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.0836-150500.20.15.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.0836-150500.20.15.1

Container suse/manager/5.0/x86_64/server:latest:vim-9.1.0836-150500.20.15.1

Container suse/manager/5.0/x86_64/server:latest:vim-data-common-9.1.0836-150500.20.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-43374.html
CVE-2024-43374
https://bugzilla.suse.com/1229238
SUSE Bug 1229238

Описание

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Затронутые продукты

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.0836-150500.20.15.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.0836-150500.20.15.1

Container suse/manager/5.0/x86_64/server:latest:vim-9.1.0836-150500.20.15.1

Container suse/manager/5.0/x86_64/server:latest:vim-data-common-9.1.0836-150500.20.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-47814.html
CVE-2024-47814
https://bugzilla.suse.com/1231373
SUSE Bug 1231373