SECURITY: Fedora 36 Update: vim-8.2.5172-1.fc36
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-719f3ec21b
2022-06-30 01:17:00.409781
--------------------------------------------------------------------------------
Name : vim
Product : Fedora 36
Version : 8.2.5172
Release : 1.fc36
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126,
CVE-2022-1720, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2231,
CVE-2022-2210, CVE-2022-2208, CVE-2022-2207, CVE-2022-2206
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 28 2022 Zdenek Dohnal - 2:8.2.5172-1
- patchlevel 5172
* Tue Jun 21 2022 Zdenek Dohnal - 2:8.2.5141-1
- patchlevel 5141
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2099558 - CVE-2022-2124 vim: out of bounds read in current_quote()
https://bugzilla.redhat.com/show_bug.cgi?id=2099558
[ 2 ] Bug #2099586 - CVE-2022-2129 vim: out of bounds write in vim_regsub_both()
https://bugzilla.redhat.com/show_bug.cgi?id=2099586
[ 3 ] Bug #2099590 - CVE-2022-2125 vim: out of bounds read in get_lisp_indent()
https://bugzilla.redhat.com/show_bug.cgi?id=2099590
[ 4 ] Bug #2099596 - CVE-2022-2126 vim: out of bounds read in suggest_trie_walk()
https://bugzilla.redhat.com/show_bug.cgi?id=2099596
[ 5 ] Bug #2099979 - CVE-2022-1720 vim: buffer over-read in grab_file_name() in findfile.c
https://bugzilla.redhat.com/show_bug.cgi?id=2099979
[ 6 ] Bug #2101293 - CVE-2022-2175 vim: buffer over-read in put_on_cmdline() at ex_getln.c
https://bugzilla.redhat.com/show_bug.cgi?id=2101293
[ 7 ] Bug #2102153 - CVE-2022-2182 vim: heap-based buffer overflow through parse_cmd_address() in function utf_ptr2char
https://bugzilla.redhat.com/show_bug.cgi?id=2102153
[ 8 ] Bug #2102159 - CVE-2022-2183 vim: out-of-bounds read through get_lisp_indent() in function get_lisp_indent
https://bugzilla.redhat.com/show_bug.cgi?id=2102159
[ 9 ] Bug #2102173 - CVE-2022-2231 vim: null pointer dereference in function skipwhite may lead to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2102173
[ 10 ] Bug #2102177 - CVE-2022-2210 vim: out-of-bound write in function ml_append_int
https://bugzilla.redhat.com/show_bug.cgi?id=2102177
[ 11 ] Bug #2102183 - CVE-2022-2208 vim: null pointer dereference in function diff_check
https://bugzilla.redhat.com/show_bug.cgi?id=2102183
[ 12 ] Bug #2102185 - CVE-2022-2207 vim: heap-based buffer overflow in function ins_bs
https://bugzilla.redhat.com/show_bug.cgi?id=2102185
[ 13 ] Bug #2102188 - CVE-2022-2206 vim: out-of-bound read in function msg_outtrans_attr
https://bugzilla.redhat.com/show_bug.cgi?id=2102188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-719f3ec21b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
A vim security update has been released for Fedora 36.