SUSE-SU-2022:3229-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3229-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:3229-1

Related

CVE-2022-1720
CVE-2022-1968
CVE-2022-2124
CVE-2022-2125
CVE-2022-2126
CVE-2022-2129
CVE-2022-2175
CVE-2022-2182
CVE-2022-2183
CVE-2022-2206
CVE-2022-2207
CVE-2022-2208
CVE-2022-2210
CVE-2022-2231
CVE-2022-2257
CVE-2022-2264
CVE-2022-2284
CVE-2022-2285
CVE-2022-2286
CVE-2022-2287
CVE-2022-2304
CVE-2022-2343
CVE-2022-2344
CVE-2022-2345
CVE-2022-2522
CVE-2022-2571
CVE-2022-2580
CVE-2022-2581
CVE-2022-2598
CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889
CVE-2022-2923
CVE-2022-2946
CVE-2022-3016

Published

2022-09-09T12:46:32Z

Modified

2022-09-09T12:46:32Z

Summary

Security update for vim

Details

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

CVE-2022-2183: Fixed out-of-bounds read through getlispindent() (bsc#1200902).
CVE-2022-2182: Fixed heap-based buffer overflow through parsecmdaddress() (bsc#1200903).
CVE-2022-2175: Fixed buffer over-read through cmdlineinsertreg() (bsc#1200904).
CVE-2022-2304: Fixed stack buffer overflow in spelldumpcompl() (bsc#1201249).
CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
CVE-2022-2819: Fixed heap-based Buffer Overflow in compilelockunlock() (bsc#1202414).
CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
CVE-2022-2125: Fixed out of bounds read in getlispindent() (bsc#1200698).
CVE-2022-2126: Fixed out of bounds read in suggesttriewalk() (bsc#1200700).
CVE-2022-2129: Fixed out of bounds write in vimregsubboth() (bsc#1200701).
CVE-2022-1720: Fixed out of bounds read in grabfilename() (bsc#1200732).
CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
CVE-2022-2287: Fixed out of bounds read in suggesttriewalk() (bsc#1201136).
CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
CVE-2022-2210: Fixed out of bounds read in mlappendint() (bsc#1201151).
CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
CVE-2022-2257: Fixed out of bounds read in msgouttransspecial() (bsc#1201154).
CVE-2022-2206: Fixed out of bounds read in msgouttransattr() (bsc#1201155).
CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
CVE-2022-2571: Fixed heap-based buffer overflow related to inscompgetnextwordorline() (bsc#1202046).
CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
CVE-2022-2598: Fixed undefined behavior for Input to API related to diffmarkadjusttp() and exdiffgetput() (bsc#1202051).
CVE-2022-2817: Fixed use after gree in fassertfails() (bsc#1202420).
CVE-2022-2816: Fixed out-of-bounds Read in checkvim9unlet() (bsc#1202421).
CVE-2022-2862: Fixed use-after-free in compilenestedfunction() (bsc#1202511).
CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
CVE-2022-2889: Fixed use-after-free in findvaralsoinscript() in evalvars.c (bsc#1202599).
CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
CVE-2022-2946: Fixed use after free in function vimvsnprintftypval (bsc#1202689).
CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

Fixing vim error on startup (bsc#1200884).
Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP3 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "gvim": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Desktop Applications 15 SP4 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "gvim": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-BCL / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Manager Server 4.1 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / vim

Package

Name: vim
Purl: pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

openSUSE:Leap Micro 5.2 / vim

Package

Name: vim
Purl: pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

openSUSE:Leap 15.3 / vim

Package

Name: vim
Purl: pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}

openSUSE:Leap 15.4 / vim

Package

Name: vim
Purl: pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0313-150000.5.25.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0313-150000.5.25.1",
            "gvim": "9.0.0313-150000.5.25.1",
            "vim-small": "9.0.0313-150000.5.25.1",
            "vim": "9.0.0313-150000.5.25.1",
            "vim-data-common": "9.0.0313-150000.5.25.1"
        }
    ]
}