ALAS2022-2022-023

Amazon Linux 2022 Security Advisory: ALAS-2022-023
Advisory Release Date: 2022-02-02 07:35 Pacific
Advisory Updated Date: 2022-02-03 00:50 Pacific

Severity: Important

References: CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0407
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0361)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0368)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0392)

A flaw was found in vim. The vulnerability occurs due to the read operation before the start of the line and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0407)

Affected Packages:

vim

Issue Correction:
Run dnf update --releasever=2022.0.20220202 vim to update your system.

New Packages:

aarch64:
    vim-X11-debuginfo-8.2.4232-1.amzn2022.aarch64
    vim-enhanced-debuginfo-8.2.4232-1.amzn2022.aarch64
    vim-minimal-8.2.4232-1.amzn2022.aarch64
    vim-debuginfo-8.2.4232-1.amzn2022.aarch64
    vim-debugsource-8.2.4232-1.amzn2022.aarch64
    vim-common-debuginfo-8.2.4232-1.amzn2022.aarch64
    vim-enhanced-8.2.4232-1.amzn2022.aarch64
    vim-minimal-debuginfo-8.2.4232-1.amzn2022.aarch64
    vim-X11-8.2.4232-1.amzn2022.aarch64
    vim-common-8.2.4232-1.amzn2022.aarch64

noarch:
    vim-data-8.2.4232-1.amzn2022.noarch
    vim-default-editor-8.2.4232-1.amzn2022.noarch
    vim-filesystem-8.2.4232-1.amzn2022.noarch

src:
    vim-8.2.4232-1.amzn2022.src

x86_64:
    vim-X11-debuginfo-8.2.4232-1.amzn2022.x86_64
    vim-minimal-debuginfo-8.2.4232-1.amzn2022.x86_64
    vim-X11-8.2.4232-1.amzn2022.x86_64
    vim-debugsource-8.2.4232-1.amzn2022.x86_64
    vim-enhanced-debuginfo-8.2.4232-1.amzn2022.x86_64
    vim-debuginfo-8.2.4232-1.amzn2022.x86_64
    vim-minimal-8.2.4232-1.amzn2022.x86_64
    vim-enhanced-8.2.4232-1.amzn2022.x86_64
    vim-common-debuginfo-8.2.4232-1.amzn2022.x86_64
    vim-common-8.2.4232-1.amzn2022.x86_64

Additional References

Red Hat: CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0407

Mitre: CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0407

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2022-2022-023

Additional References