ALAS-2022-155
Amazon Linux 2022 Security Advisory: ALAS-2022-155
Advisory Release Date: 2022-10-17 23:30 Pacific
Advisory Updated Date: 2022-12-06 16:46 Pacific
Severity: Low
Issue Overview:
A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3099)
A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3134)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)
Issue Correction:
Run dnf update vim --releasever=2022.0.20221019 to update your system.
New Packages:
aarch64:
vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-minimal-9.0.475-1.amzn2022.0.1.aarch64
vim-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-enhanced-9.0.475-1.amzn2022.0.1.aarch64
vim-common-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-debugsource-9.0.475-1.amzn2022.0.1.aarch64
vim-common-9.0.475-1.amzn2022.0.1.aarch64
noarch:
vim-filesystem-9.0.475-1.amzn2022.0.1.noarch
vim-default-editor-9.0.475-1.amzn2022.0.1.noarch
vim-data-9.0.475-1.amzn2022.0.1.noarch
src:
vim-9.0.475-1.amzn2022.0.1.src
x86_64:
vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-minimal-9.0.475-1.amzn2022.0.1.x86_64
vim-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-enhanced-9.0.475-1.amzn2022.0.1.x86_64
vim-common-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-debugsource-9.0.475-1.amzn2022.0.1.x86_64
vim-common-9.0.475-1.amzn2022.0.1.x86_64
Additional References
Red Hat: CVE-2021-3770,
CVE-2021-3903,
CVE-2021-3927,
CVE-2021-3928,
CVE-2021-3968,
CVE-2021-3973,
CVE-2021-3974,
CVE-2021-3984,
CVE-2021-4019,
CVE-2021-4069,
CVE-2021-4136,
CVE-2021-4166,
CVE-2021-4173,
CVE-2021-4187,
CVE-2021-4192,
CVE-2021-4193,
CVE-2022-0128,
CVE-2022-0156,
CVE-2022-0158,
CVE-2022-0213,
CVE-2022-0261,
CVE-2022-0318,
CVE-2022-0319,
CVE-2022-0351,
CVE-2022-0359,
CVE-2022-0361,
CVE-2022-0368,
CVE-2022-0392,
CVE-2022-0393,
CVE-2022-0407,
CVE-2022-0408,
CVE-2022-0413,
CVE-2022-0417,
CVE-2022-0443,
CVE-2022-0554,
CVE-2022-0572,
CVE-2022-0629,
CVE-2022-0685,
CVE-2022-0696,
CVE-2022-0714,
CVE-2022-0729,
CVE-2022-0943,
CVE-2022-1154,
CVE-2022-1160,
CVE-2022-1381,
CVE-2022-1420,
CVE-2022-1616,
CVE-2022-1619,
CVE-2022-1620,
CVE-2022-1621,
CVE-2022-1629,
CVE-2022-1674,
CVE-2022-1720,
CVE-2022-1725,
CVE-2022-1733,
CVE-2022-1735,
CVE-2022-1769,
CVE-2022-1771,
CVE-2022-1785,
CVE-2022-1796,
CVE-2022-1851,
CVE-2022-1886,
CVE-2022-1897,
CVE-2022-1898,
CVE-2022-1927,
CVE-2022-1942,
CVE-2022-1968,
CVE-2022-2000,
CVE-2022-2042,
CVE-2022-2124,
CVE-2022-2125,
CVE-2022-2126,
CVE-2022-2129,
CVE-2022-2175,
CVE-2022-2182,
CVE-2022-2183,
CVE-2022-2206,
CVE-2022-2207,
CVE-2022-2208,
CVE-2022-2210,
CVE-2022-2231,
CVE-2022-2257,
CVE-2022-2264,
CVE-2022-2284,
CVE-2022-2285,
CVE-2022-2286,
CVE-2022-2287,
CVE-2022-2288,
CVE-2022-2289,
CVE-2022-2304,
CVE-2022-2343,
CVE-2022-2344,
CVE-2022-2345,
CVE-2022-2522,
CVE-2022-2571,
CVE-2022-2580,
CVE-2022-2581,
CVE-2022-2598,
CVE-2022-2816,
CVE-2022-2817,
CVE-2022-2819,
CVE-2022-2845,
CVE-2022-2849,
CVE-2022-2862,
CVE-2022-2874,
CVE-2022-2889,
CVE-2022-2923,
CVE-2022-2946,
CVE-2022-2980,
CVE-2022-2982,
CVE-2022-3016,
CVE-2022-3037,
CVE-2022-3099,
CVE-2022-3134,
CVE-2022-3153
Mitre: CVE-2021-3770,
CVE-2021-3903,
CVE-2021-3927,
CVE-2021-3928,
CVE-2021-3968,
CVE-2021-3973,
CVE-2021-3974,
CVE-2021-3984,
CVE-2021-4019,
CVE-2021-4069,
CVE-2021-4136,
CVE-2021-4166,
CVE-2021-4173,
CVE-2021-4187,
CVE-2021-4192,
CVE-2021-4193,
CVE-2022-0128,
CVE-2022-0156,
CVE-2022-0158,
CVE-2022-0213,
CVE-2022-0261,
CVE-2022-0318,
CVE-2022-0319,
CVE-2022-0351,
CVE-2022-0359,
CVE-2022-0361,
CVE-2022-0368,
CVE-2022-0392,
CVE-2022-0393,
CVE-2022-0407,
CVE-2022-0408,
CVE-2022-0413,
CVE-2022-0417,
CVE-2022-0443,
CVE-2022-0554,
CVE-2022-0572,
CVE-2022-0629,
CVE-2022-0685,
CVE-2022-0696,
CVE-2022-0714,
CVE-2022-0729,
CVE-2022-0943,
CVE-2022-1154,
CVE-2022-1160,
CVE-2022-1381,
CVE-2022-1420,
CVE-2022-1616,
CVE-2022-1619,
CVE-2022-1620,
CVE-2022-1621,
CVE-2022-1629,
CVE-2022-1674,
CVE-2022-1720,
CVE-2022-1725,
CVE-2022-1733,
CVE-2022-1735,
CVE-2022-1769,
CVE-2022-1771,
CVE-2022-1785,
CVE-2022-1796,
CVE-2022-1851,
CVE-2022-1886,
CVE-2022-1897,
CVE-2022-1898,
CVE-2022-1927,
CVE-2022-1942,
CVE-2022-1968,
CVE-2022-2000,
CVE-2022-2042,
CVE-2022-2124,
CVE-2022-2125,
CVE-2022-2126,
CVE-2022-2129,
CVE-2022-2175,
CVE-2022-2182,
CVE-2022-2183,
CVE-2022-2206,
CVE-2022-2207,
CVE-2022-2208,
CVE-2022-2210,
CVE-2022-2231,
CVE-2022-2257,
CVE-2022-2264,
CVE-2022-2284,
CVE-2022-2285,
CVE-2022-2286,
CVE-2022-2287,
CVE-2022-2288,
CVE-2022-2289,
CVE-2022-2304,
CVE-2022-2343,
CVE-2022-2344,
CVE-2022-2345,
CVE-2022-2522,
CVE-2022-2571,
CVE-2022-2580,
CVE-2022-2581,
CVE-2022-2598,
CVE-2022-2816,
CVE-2022-2817,
CVE-2022-2819,
CVE-2022-2845,
CVE-2022-2849,
CVE-2022-2862,
CVE-2022-2874,
CVE-2022-2889,
CVE-2022-2923,
CVE-2022-2946,
CVE-2022-2980,
CVE-2022-2982,
CVE-2022-3016,
CVE-2022-3037,
CVE-2022-3099,
CVE-2022-3134,
CVE-2022-3153