Описание
Security update for vim
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2025:03299-1
- E-Mail link for SUSE-SU-2025:03299-1
- SUSE Security Ratings
- SUSE Bug 1246602
- SUSE Bug 1246604
- SUSE Bug 1247938
- SUSE Bug 1247939
- SUSE CVE CVE-2025-53905 page
- SUSE CVE CVE-2025-53906 page
- SUSE CVE CVE-2025-55157 page
- SUSE CVE CVE-2025-55158 page
Описание
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-53905
- SUSE Bug 1246604
Описание
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-53906
- SUSE Bug 1246602
Описание
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim's internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Затронутые продукты
Ссылки
- CVE-2025-55157
- SUSE Bug 1247938
Описание
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim's internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
Затронутые продукты
Ссылки
- CVE-2025-55158
- SUSE Bug 1247939