Fedora Linux 8811 Published by

A vim security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: vim-9.0.049-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-9d7a58e376
2022-07-21 17:09:05.743623
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 35
Version : 9.0.049
Release : 1.fc35
URL :   http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286,
CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2264, CVE-2022-2304,
CVE-2022-2345, CVE-2022-2344, CVE-2022-2343.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 11 2022 Zdenek Dohnal - 2:9.0.049-1
- patchlevel 049
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2103133 - CVE-2022-2257 vim: an out-of-bound read in function msg_outtrans_special
  https://bugzilla.redhat.com/show_bug.cgi?id=2103133
[ 2 ] Bug #2103872 - CVE-2022-2284 vim: out of bounds read in utfc_ptr2len() at mbyte.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103872
[ 3 ] Bug #2103874 - CVE-2022-2285 vim: integer overflow in del_typebuf() at getchar.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103874
[ 4 ] Bug #2103875 - CVE-2022-2286 vim: out of bounds read in ins_bytes() at change.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103875
[ 5 ] Bug #2103876 - CVE-2022-2287 vim: out of bounds read in suggest_trie_walk() at spellsuggest.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103876
[ 6 ] Bug #2103878 - CVE-2022-2288 vim: out of bounds write in parse_command_modifiers() at ex_docmd.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103878
[ 7 ] Bug #2103880 - CVE-2022-2289 vim: use after free in ex_diffgetput() at diff.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103880
[ 8 ] Bug #2103951 - CVE-2022-2264 vim: out of bounds read in inc() at misc2.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103951
[ 9 ] Bug #2104416 - CVE-2022-2304 vim: stack buffer overflow in spell_dump_compl() at spell.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2104416
[ 10 ] Bug #2106775 - CVE-2022-2345 vim: use-after-free in skipwhite() in charset.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2106775
[ 11 ] Bug #2106779 - CVE-2022-2343 vim: heap-based buffer overflow in ins_compl_add() in insexpand.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2106779
[ 12 ] Bug #2106787 - CVE-2022-2344 vim: heap-based buffer overflow in ins_compl_add() in insexpand.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2106787
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-9d7a58e376' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________