Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02226-1

Опубликовано: 04 июл. 2025
Источник: suse-cvrf

Описание

Security update for vim

This update for vim fixes the following issues:

  • CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
  • CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).

Список пакетов

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5/toolbox:latest
vim-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5:latest
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
vim-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
vim-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
vim-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
vim-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
gvim-9.1.1406-150500.20.27.1
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
gvim-9.1.1406-150500.20.27.1
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Micro 5.5
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
gvim-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
gvim-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Server 15 SP5-LTSS
gvim-9.1.1406-150500.20.27.1
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
gvim-9.1.1406-150500.20.27.1
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1
openSUSE Leap 15.6
gvim-9.1.1406-150500.20.27.1
vim-9.1.1406-150500.20.27.1
vim-data-9.1.1406-150500.20.27.1
vim-data-common-9.1.1406-150500.20.27.1
vim-small-9.1.1406-150500.20.27.1

Ссылки

Описание

Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.

Затронутые продукты
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.1406-150500.20.27.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5/toolbox:latest:vim-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5/toolbox:latest:vim-data-common-9.1.1406-150500.20.27.1
Ссылки

Описание

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

Затронутые продукты
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.1406-150500.20.27.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5/toolbox:latest:vim-9.1.1406-150500.20.27.1
Container suse/sle-micro/5.5/toolbox:latest:vim-data-common-9.1.1406-150500.20.27.1
Ссылки
Уязвимость SUSE-SU-2025:02226-1