ALAS2-2023-2266

Amazon Linux 2 Security Advisory: ALAS-2023-2266
Advisory Release Date: 2023-09-27 22:48 Pacific
Advisory Updated Date: 2023-10-05 22:01 Pacific

Severity: Important

References: CVE-2021-3236 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4751 CVE-2023-4752 CVE-2023-4781
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. (CVE-2021-3236)

Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. (CVE-2023-4734)

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. (CVE-2023-4735)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. (CVE-2023-4738)

Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. (CVE-2023-4751)

Use After Free in GitHub repository vim/vim prior to 9.0.1858. (CVE-2023-4752)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. (CVE-2023-4781)

Affected Packages:

vim

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update vim to update your system.

New Packages:

aarch64:
    vim-common-9.0.1882-1.amzn2.0.1.aarch64
    vim-minimal-9.0.1882-1.amzn2.0.1.aarch64
    vim-enhanced-9.0.1882-1.amzn2.0.1.aarch64
    vim-X11-9.0.1882-1.amzn2.0.1.aarch64
    xxd-9.0.1882-1.amzn2.0.1.aarch64
    vim-debuginfo-9.0.1882-1.amzn2.0.1.aarch64

i686:
    vim-common-9.0.1882-1.amzn2.0.1.i686
    vim-minimal-9.0.1882-1.amzn2.0.1.i686
    vim-enhanced-9.0.1882-1.amzn2.0.1.i686
    vim-X11-9.0.1882-1.amzn2.0.1.i686
    xxd-9.0.1882-1.amzn2.0.1.i686
    vim-debuginfo-9.0.1882-1.amzn2.0.1.i686

noarch:
    vim-filesystem-9.0.1882-1.amzn2.0.1.noarch
    vim-data-9.0.1882-1.amzn2.0.1.noarch

src:
    vim-9.0.1882-1.amzn2.0.1.src

x86_64:
    vim-common-9.0.1882-1.amzn2.0.1.x86_64
    vim-minimal-9.0.1882-1.amzn2.0.1.x86_64
    vim-enhanced-9.0.1882-1.amzn2.0.1.x86_64
    vim-X11-9.0.1882-1.amzn2.0.1.x86_64
    xxd-9.0.1882-1.amzn2.0.1.x86_64
    vim-debuginfo-9.0.1882-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2021-3236, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781

Mitre: CVE-2021-3236, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2023-2266

Additional References