Oracle Linux 6278 Published by

A vim security update has been released for Oracle Linux 8.



El-errata: ELSA-2022-0894 Moderate: Oracle Linux 8 vim security update


Oracle Linux Security Advisory ELSA-2022-0894

http://linux.oracle.com/errata/ELSA-2022-0894.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-common-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.12.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.12.x86_64.rpm

aarch64:
vim-X11-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-common-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.12.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.12.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-16.0.1.el8_5.12.src.rpm

Related CVEs:

CVE-2022-0261
CVE-2022-0318
CVE-2022-0359
CVE-2022-0361
CVE-2022-0392
CVE-2022-0413



Description of changes:

[8.0.1763-16.0.1]
- - Remove upstream references [Orabug: 31197557]

[2:8.0.1763-16.12]
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository

[2:8.0.1763-16.11]
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
- Fix specfile problems
- Resolves: rhbz#2048525

[2:8.0.1763-16.10]
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
- Resolves: rhbz#2048525

[2:8.0.1763-16.9]
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
- Improve fix
- Resolves: rhbz#2049403

[2:8.0.1763-16.8]
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
- Resolves: rhbz#2049403

[2:8.0.1763-16.7]
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c

[2:8.0.1763-16.6]
- fix test suite after fix for CVE-2022-0318

[2:8.0.1763-16.5]
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c

_______________________________________________