--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-b9edf60581
2022-09-14 00:18:15.239375
--------------------------------------------------------------------------------
Name : vim
Product : Fedora 37
Version : 9.0.412
Release : 1.fc37
URL :
http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-3099, CVE-2022-3016, CVE-2022-2980, CVE-2022-2982
---- Security fixes for CVE-2022-2849, CVE-2022-2862, CVE-2022-3037,
CVE-2022-2845
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 8 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.412-1
- patchlevel 412
* Thu Sep 1 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.348-1
- patchlevel 348
* Tue Aug 30 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.327-1
- patchlevel 327
* Tue Aug 23 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.246-1
- patchlevel 246
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2119844 - CVE-2022-2845 vim: Buffer Under-read
https://bugzilla.redhat.com/show_bug.cgi?id=2119844
[ 2 ] Bug #2122137 - CVE-2022-2849 vim: heap-based buffer overflow in latin_ptr2len() at
src/mbyte.c
https://bugzilla.redhat.com/show_bug.cgi?id=2122137
[ 3 ] Bug #2122139 - CVE-2022-2862 vim: heap use-after-free in generate_PCALL() at
src/vim9instr.c
https://bugzilla.redhat.com/show_bug.cgi?id=2122139
[ 4 ] Bug #2122907 - CVE-2022-3037 vim: use after free in function qf_buf_add_line( )
https://bugzilla.redhat.com/show_bug.cgi?id=2122907
[ 5 ] Bug #2123709 - CVE-2022-2980 vim: null pointer dereference in do_mouse() at
src/mouse.c
https://bugzilla.redhat.com/show_bug.cgi?id=2123709
[ 6 ] Bug #2123714 - CVE-2022-2982 vim: use after free in qf_fill_buffer() at
src/quickfix.c
https://bugzilla.redhat.com/show_bug.cgi?id=2123714
[ 7 ] Bug #2124157 - CVE-2022-3099 vim: Use After Free in do_cmdline() in ex_docmd.c
https://bugzilla.redhat.com/show_bug.cgi?id=2124157
[ 8 ] Bug #2124208 - CVE-2022-3016 vim: use-after-free in get_next_valid_entry() at
src/quickfix.c
https://bugzilla.redhat.com/show_bug.cgi?id=2124208
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-b9edf60581' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------