El-errata: ELSA-2022-0894 Moderate: Oracle Linux 8 vim security update
Oracle Linux Security Advisory ELSA-2022-0894
http://linux.oracle.com/errata/ELSA-2022-0894.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-common-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.12.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.12.x86_64.rpm
aarch64:
vim-X11-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-common-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.12.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.12.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-16.0.1.el8_5.12.src.rpm
Related CVEs:
CVE-2022-0261
CVE-2022-0318
CVE-2022-0359
CVE-2022-0361
CVE-2022-0392
CVE-2022-0413
Description of changes:
[8.0.1763-16.0.1]
- - Remove upstream references [Orabug: 31197557]
[2:8.0.1763-16.12]
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
[2:8.0.1763-16.11]
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
- Fix specfile problems
- Resolves: rhbz#2048525
[2:8.0.1763-16.10]
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
- Resolves: rhbz#2048525
[2:8.0.1763-16.9]
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
- Improve fix
- Resolves: rhbz#2049403
[2:8.0.1763-16.8]
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
- Resolves: rhbz#2049403
[2:8.0.1763-16.7]
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
[2:8.0.1763-16.6]
- fix test suite after fix for CVE-2022-0318
[2:8.0.1763-16.5]
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
_______________________________________________
A vim security update has been released for Oracle Linux 8.
