Amazon Linux 2022 Security Advisory: ALAS-2022-025
Advisory Release Date: 2022-02-16 00:51 Pacific
Advisory Updated Date: 2022-02-16 19:15 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0393)
A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0408)
A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)
A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0417)
A flaw was found in vim. The vulnerability occurs due to using freed memory which results in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0443)
Affected Packages:
vim
Issue Correction:
Run dnf update --releasever=2022.0.20220215 vim to update your system.
aarch64:
vim-X11-debuginfo-8.2.4314-1.amzn2022.aarch64
vim-common-debuginfo-8.2.4314-1.amzn2022.aarch64
vim-enhanced-debuginfo-8.2.4314-1.amzn2022.aarch64
vim-minimal-debuginfo-8.2.4314-1.amzn2022.aarch64
vim-minimal-8.2.4314-1.amzn2022.aarch64
vim-enhanced-8.2.4314-1.amzn2022.aarch64
vim-X11-8.2.4314-1.amzn2022.aarch64
vim-debuginfo-8.2.4314-1.amzn2022.aarch64
vim-debugsource-8.2.4314-1.amzn2022.aarch64
vim-common-8.2.4314-1.amzn2022.aarch64
noarch:
vim-filesystem-8.2.4314-1.amzn2022.noarch
vim-default-editor-8.2.4314-1.amzn2022.noarch
vim-data-8.2.4314-1.amzn2022.noarch
src:
vim-8.2.4314-1.amzn2022.src
x86_64:
vim-enhanced-debuginfo-8.2.4314-1.amzn2022.x86_64
vim-X11-debuginfo-8.2.4314-1.amzn2022.x86_64
vim-minimal-8.2.4314-1.amzn2022.x86_64
vim-common-debuginfo-8.2.4314-1.amzn2022.x86_64
vim-debuginfo-8.2.4314-1.amzn2022.x86_64
vim-X11-8.2.4314-1.amzn2022.x86_64
vim-minimal-debuginfo-8.2.4314-1.amzn2022.x86_64
vim-debugsource-8.2.4314-1.amzn2022.x86_64
vim-enhanced-8.2.4314-1.amzn2022.x86_64
vim-common-8.2.4314-1.amzn2022.x86_64