Описание
Security update for vim
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Список пакетов
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container suse/sle-micro/5.5/toolbox:latest
Container suse/sle-micro/5.5:latest
Container suse/sles/15.7/virt-launcher:1.4.0
Image SLES15-SP5-Azure-3P
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
Image SLES15-SP5-Manager-Server-5-0
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
Image SLES15-SP5-Manager-Server-5-0-BYOS
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
Image SLES15-SP5-SAP-Azure-3P
Image SLES15-SP6-CHOST-BYOS
Image SLES15-SP6-CHOST-BYOS-Azure
Image SLES15-SP6-CHOST-BYOS-EC2
Image SLES15-SP6-CHOST-BYOS-GCE
Image SLES15-SP6-CHOST-BYOS-GDC
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:0723-1
- E-Mail link for SUSE-SU-2025:0723-1
- SUSE Security Ratings
- SUSE Bug 1229685
- SUSE Bug 1229822
- SUSE Bug 1230078
- SUSE Bug 1235695
- SUSE Bug 1236151
- SUSE Bug 1237137
- SUSE CVE CVE-2024-43790 page
- SUSE CVE CVE-2024-43802 page
- SUSE CVE CVE-2024-45306 page
- SUSE CVE CVE-2025-1215 page
- SUSE CVE CVE-2025-22134 page
- SUSE CVE CVE-2025-24014 page
Описание
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
Затронутые продукты
Ссылки
- CVE-2024-43790
- SUSE Bug 1229685
Описание
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.
Затронутые продукты
Ссылки
- CVE-2024-43802
- SUSE Bug 1229822
Описание
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2024-45306
- SUSE Bug 1230078
Описание
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.
Затронутые продукты
Ссылки
- CVE-2025-1215
- SUSE Bug 1237137
Описание
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003
Затронутые продукты
Ссылки
- CVE-2025-22134
- SUSE Bug 1235695
Описание
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Затронутые продукты
Ссылки
- CVE-2025-24014
- SUSE Bug 1236151