Revision Date: | 2022-09-09 | Version: | 1 |
Title: | Security update for vim (Important) |
Description: |
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1186790 1200270 1200697 1200698 1200700 1200701 1200732 1200884 1200902 1200903 1200904 1201132 1201133 1201134 1201135 1201136 1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356 1201359 1201363 1201620 1201863 1202046 1202049 1202050 1202051 1202414 1202420 1202421 1202511 1202512 1202515 1202552 1202599 1202687 1202689 1202862 CVE-2009-3736 CVE-2013-7447 CVE-2013-7447 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-3016 SUSE-SU-2021:2457-1 SUSE-SU-2022:3229-1
|
Platform(s): |
openSUSE 13.2
openSUSE Leap 15.4
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise for SAP 12
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Containers 15
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15 SP1
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for Rasperry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 12 SP1
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.4 is installed AND Package Information
gvim-9.0.0313-150000.5.25.1 is installed
OR vim-9.0.0313-150000.5.25.1 is installed
OR vim-data-9.0.0313-150000.5.25.1 is installed
OR vim-data-common-9.0.0313-150000.5.25.1 is installed
OR vim-small-9.0.0313-150000.5.25.1 is installed
|
Definition Synopsis |
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
AND haproxy-1.5.4-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
aaa_base-13.2+git20140911.61c1681-1 is installed
OR aaa_base-extras-13.2+git20140911.61c1681-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND perl-XML-LibXML-2.0019-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
AND Package Information
libltdl7-2.4.6-1.406 is installed
OR libtool-2.4.6-1.406 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND Package Information
libwireshark14-3.4.6-3.56.1 is installed
OR libwiretap11-3.4.6-3.56.1 is installed
OR libwsutil12-3.4.6-3.56.1 is installed
OR wireshark-3.4.6-3.56.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Availability 15 is installed
AND Package Information
cluster-md-kmp-default-4.12.14-25.22 is installed
OR dlm-kmp-default-4.12.14-25.22 is installed
OR gfs2-kmp-default-4.12.14-25.22 is installed
OR kernel-default-4.12.14-25.22 is installed
OR ocfs2-kmp-default-4.12.14-25.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 is installed
AND sysstat-12.0.2-3.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
AND Package Information
libltdl7-2.4.6-1 is installed
OR libtool-2.4.6-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Containers 15 is installed
AND Package Information
containerd-1.1.2-5.6 is installed
OR docker-18.09.0_ce-6.11 is installed
OR docker-bash-completion-18.09.0_ce-6.11 is installed
OR docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6 is installed
OR docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6 is installed
OR golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 is installed
AND Package Information
cairo-1.15.10-4.5 is installed
OR libcairo2-32bit-1.15.10-4.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
AND Package Information
gtk2-data-2.24.32-2 is installed
OR gtk2-tools-32bit-2.24.32-2 is installed
OR libgtk-2_0-0-32bit-2.24.32-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 is installed
AND Package Information
git-2.16.4-3.3 is installed
OR git-arch-2.16.4-3.3 is installed
OR git-cvs-2.16.4-3.3 is installed
OR git-daemon-2.16.4-3.3 is installed
OR git-doc-2.16.4-3.3 is installed
OR git-email-2.16.4-3.3 is installed
OR git-gui-2.16.4-3.3 is installed
OR git-svn-2.16.4-3.3 is installed
OR git-web-2.16.4-3.3 is installed
OR gitk-2.16.4-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
AND Package Information
ImageMagick-7.0.7.34-3.72 is installed
OR perl-PerlMagick-7.0.7.34-3.72 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 15 is installed
AND Package Information
java-1_8_0-openjdk-1.8.0.171-3.3 is installed
OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed
OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed
OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-default-4.12.14-25.3 is installed
OR kernel-default-livepatch-4.12.14-25.3 is installed
OR kernel-livepatch-4_12_14-25_3-default-1-1.3 is installed
OR kernel-livepatch-SLE15_Update_1-1-1.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
AND Package Information
ffmpeg-3.4.2-4.12 is installed
OR ffmpeg-private-devel-3.4.2-4.12 is installed
OR libavdevice-devel-3.4.2-4.12 is installed
OR libavdevice57-3.4.2-4.12 is installed
OR libavfilter-devel-3.4.2-4.12 is installed
OR libavfilter6-3.4.2-4.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Server Applications 15 is installed
AND Package Information
openslp-2.0.0-6.3 is installed
OR openslp-server-2.0.0-6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Web Scripting 15 is installed
AND Package Information
apache2-mod_php7-7.2.5-4.3 is installed
OR php7-7.2.5-4.3 is installed
OR php7-bcmath-7.2.5-4.3 is installed
OR php7-bz2-7.2.5-4.3 is installed
OR php7-calendar-7.2.5-4.3 is installed
OR php7-ctype-7.2.5-4.3 is installed
OR php7-curl-7.2.5-4.3 is installed
OR php7-dba-7.2.5-4.3 is installed
OR php7-devel-7.2.5-4.3 is installed
OR php7-dom-7.2.5-4.3 is installed
OR php7-enchant-7.2.5-4.3 is installed
OR php7-exif-7.2.5-4.3 is installed
OR php7-fastcgi-7.2.5-4.3 is installed
OR php7-fileinfo-7.2.5-4.3 is installed
OR php7-fpm-7.2.5-4.3 is installed
OR php7-ftp-7.2.5-4.3 is installed
OR php7-gd-7.2.5-4.3 is installed
OR php7-gettext-7.2.5-4.3 is installed
OR php7-gmp-7.2.5-4.3 is installed
OR php7-iconv-7.2.5-4.3 is installed
OR php7-intl-7.2.5-4.3 is installed
OR php7-json-7.2.5-4.3 is installed
OR php7-ldap-7.2.5-4.3 is installed
OR php7-mbstring-7.2.5-4.3 is installed
OR php7-mysql-7.2.5-4.3 is installed
OR php7-odbc-7.2.5-4.3 is installed
OR php7-opcache-7.2.5-4.3 is installed
OR php7-openssl-7.2.5-4.3 is installed
OR php7-pcntl-7.2.5-4.3 is installed
OR php7-pdo-7.2.5-4.3 is installed
OR php7-pear-7.2.5-4.3 is installed
OR php7-pear-Archive_Tar-7.2.5-4.3 is installed
OR php7-pgsql-7.2.5-4.3 is installed
OR php7-phar-7.2.5-4.3 is installed
OR php7-posix-7.2.5-4.3 is installed
OR php7-shmop-7.2.5-4.3 is installed
OR php7-snmp-7.2.5-4.3 is installed
OR php7-soap-7.2.5-4.3 is installed
OR php7-sockets-7.2.5-4.3 is installed
OR php7-sqlite-7.2.5-4.3 is installed
OR php7-sysvmsg-7.2.5-4.3 is installed
OR php7-sysvsem-7.2.5-4.3 is installed
OR php7-sysvshm-7.2.5-4.3 is installed
OR php7-tokenizer-7.2.5-4.3 is installed
OR php7-wddx-7.2.5-4.3 is installed
OR php7-xmlreader-7.2.5-4.3 is installed
OR php7-xmlrpc-7.2.5-4.3 is installed
OR php7-xmlwriter-7.2.5-4.3 is installed
OR php7-xsl-7.2.5-4.3 is installed
OR php7-zip-7.2.5-4.3 is installed
OR php7-zlib-7.2.5-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 is installed
AND Package Information
kernel-default-4.12.14-25.6 is installed
OR kernel-default-extra-4.12.14-25.6 is installed
|
Definition Synopsis |
SUSE Package Hub for SUSE Linux Enterprise 12 is installed
AND Package Information
irssi-0.8.20-9 is installed
OR irssi-devel-0.8.20-9 is installed
|
Definition Synopsis |
SUSE Package Hub for SUSE Linux Enterprise 12 SP1 is installed
AND Package Information
kinit-5.20.0-5 is installed
OR kinit-devel-5.20.0-5 is installed
OR kinit-lang-5.20.0-5 is installed
|