Description
Security update for vim
This update for vim fixes the following issues:
Security issues fixed:
- CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724)
- CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053)
- CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057)
Non-security issues fixed:
- Speed up YAML syntax highlighting (bsc#1018870)
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.2
References
- E-Mail link for openSUSE-SU-2017:1811-1
- SUSE Security Ratings
Description
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Affected products
References
- CVE-2017-5953
- SUSE Bug 1024724
- SUSE Bug 1123143
- SUSE Bug 1173534
Description
vim before patch 8.0.0377 does not properly validate values for tree length when reading a corrupted undo file, which may result in an integer overflow at a u_read_undo memory allocation site and resultant buffer overflows.
Affected products
References
- CVE-2017-6349
- SUSE Bug 1027057
Description
vim before patch 8.0.0378 does not properly validate values for tree length when reading a corrupted undo file, which may result in an integer overflow at an unserialize_uep memory allocation site and resultant buffer overflows.
Affected products
References
- CVE-2017-6350
- SUSE Bug 1027053
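The descriptions of CVE-2017-5953, CVE-2017-6349 and CVE-2017-6350 above share one pattern: a length read from a file reaches a memory allocation without validation. The following C code is an added example, not vim's code and not part of the advisory, showing how such a size computation wraps in 32-bit arithmetic and how a checked version rejects the input. The function names, the file layout (a 4-byte big-endian count followed by one byte per node) and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for a constructed format; not vim's code. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unvalidated size in 32-bit arithmetic: wraps once len >= 0x40000000. */
uint32_t unchecked_alloc_size(uint32_t len)
{
    return len * (uint32_t)sizeof(uint32_t);
}

/* Validated size: 0 on success with *out set, -1 if len is rejected. */
int checked_alloc_size(uint32_t len, size_t remaining, size_t *out)
{
    if (len == 0 || len > remaining)       /* assumed: >= 1 file byte per node */
        return -1;
    if (len > SIZE_MAX / sizeof(uint32_t)) /* multiplication would overflow */
        return -1;
    *out = (size_t)len * sizeof(uint32_t);
    return 0;
}

/* Parse [count][count node bytes]; returns a heap array or NULL on bad input. */
uint32_t *load_tree(const unsigned char *buf, size_t buflen, uint32_t *len_out)
{
    size_t nbytes;
    if (buflen < 4) return NULL;
    uint32_t len = read_be32(buf);
    if (checked_alloc_size(len, buflen - 4, &nbytes) != 0) return NULL;
    uint32_t *tree = malloc(nbytes);
    if (tree == NULL) return NULL;
    for (uint32_t i = 0; i < len; i++)
        tree[i] = buf[4 + i];
    *len_out = len;
    return tree;
}

int main(void)
{
    const unsigned char bad[] = {0x40, 0x00, 0x00, 0x01, 'a'}; /* constructed */
    uint32_t len = 0;
    printf("unchecked size: %u\n", unchecked_alloc_size(read_be32(bad)));
    printf("checked load: %s\n", load_tree(bad, sizeof bad, &len) ? "accepted" : "rejected");
    return 0;
}
```

The bound against the remaining file size catches oversized counts even on 64-bit builds, where the `SIZE_MAX` check alone can never fail for a 32-bit count.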