El-errata: ELSA-2022-0366 Moderate: Oracle Linux 8 vim security update
Oracle Linux Security Advisory ELSA-2022-0366
http://linux.oracle.com/errata/ELSA-2022-0366.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-common-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.4.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
aarch64:
vim-X11-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-common-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.4.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-16.0.1.el8_5.4.src.rpm
Related CVEs:
CVE-2021-3872
CVE-2021-3984
CVE-2021-4019
CVE-2021-4192
CVE-2021-4193
Description of changes:
[8.0.1763-16.0.1.4]
- - Remove upstream references [Orabug: 31197557]
[2:8.0.1763-16.4]
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
- CVE-2021-4192 vim: vulnerable to Use After Free
[2:8.0.1763-16.3]
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
[2:8.0.1763-16.2]
- remove the upstream test - uses a feature which is not presented in RHEL 8
[2:8.0.1763-16.1]
- CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
_______________________________________________
A vim security update has been released for Oracle Linux 8.
