Fedora Linux 8811 Published by

A vim security update has been released for Fedora 36.



SECURITY: Fedora 36 Update: vim-9.0.049-1.fc36


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-b06fbea2c7
2022-07-14 01:43:48.689251
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 36
Version : 9.0.049
Release : 1.fc36
URL :   http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit Security fixes for CVE-2022-2257, CVE-2022-2284,
CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289,
CVE-2022-2264, CVE-2022-2304.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 11 2022 Zdenek Dohnal - 2:9.0.049-1
- patchlevel 049
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2103133 - CVE-2022-2257 vim: an out-of-bound read in function msg_outtrans_special
  https://bugzilla.redhat.com/show_bug.cgi?id=2103133
[ 2 ] Bug #2103872 - CVE-2022-2284 vim: out of bounds read in utfc_ptr2len() at mbyte.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103872
[ 3 ] Bug #2103874 - CVE-2022-2285 vim: integer overflow in del_typebuf() at getchar.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103874
[ 4 ] Bug #2103875 - CVE-2022-2286 vim: out of bounds read in ins_bytes() at change.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103875
[ 5 ] Bug #2103876 - CVE-2022-2287 vim: out of bounds read in suggest_trie_walk() at spellsuggest.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103876
[ 6 ] Bug #2103878 - CVE-2022-2288 vim: out of bounds write in parse_command_modifiers() at ex_docmd.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103878
[ 7 ] Bug #2103880 - CVE-2022-2289 vim: use after free in ex_diffgetput() at diff.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103880
[ 8 ] Bug #2103951 - CVE-2022-2264 vim: out of bounds read in inc() at misc2.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2103951
[ 9 ] Bug #2104416 - CVE-2022-2304 vim: stack buffer overflow in spell_dump_compl() at spell.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2104416
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-b06fbea2c7' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________