Description
Security update for vim
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
References
- Link for SUSE-SU-2025:02227-1
- E-Mail link for SUSE-SU-2025:02227-1
- SUSE Security Ratings
- SUSE Bug 1228776
- SUSE Bug 1239602
- SUSE CVE CVE-2024-41965 page
- SUSE CVE CVE-2025-29768 page
Description
Vim is an open source command line text editor. A double-free exists in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
Affected products
References
- CVE-2024-41965
- SUSE Bug 1228776
Description
Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
Affected products
References
- CVE-2025-29768
- SUSE Bug 1239602