Oracle Linux 6277 Published by

A vim security update has been released for Oracle Linux 8.



El-errata: ELSA-2022-0366 Moderate: Oracle Linux 8 vim security update


Oracle Linux Security Advisory ELSA-2022-0366

  http://linux.oracle.com/errata/ELSA-2022-0366.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-common-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.4.x86_64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.4.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.4.x86_64.rpm

aarch64:
vim-X11-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-common-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-enhanced-8.0.1763-16.0.1.el8_5.4.aarch64.rpm
vim-filesystem-8.0.1763-16.0.1.el8_5.4.noarch.rpm
vim-minimal-8.0.1763-16.0.1.el8_5.4.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-16.0.1.el8_5.4.src.rpm

Related CVEs:

CVE-2021-3872
CVE-2021-3984
CVE-2021-4019
CVE-2021-4192
CVE-2021-4193



Description of changes:

[8.0.1763-16.0.1.4]
- - Remove upstream references [Orabug: 31197557]

[2:8.0.1763-16.4]
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
- CVE-2021-4192 vim: vulnerable to Use After Free

[2:8.0.1763-16.3]
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]

[2:8.0.1763-16.2]
- remove the upstream test - uses a feature which is not presented in RHEL 8

[2:8.0.1763-16.1]
- CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]

_______________________________________________