ALAS2023-2023-117

Amazon Linux 2023 Security Advisory: ALAS-2023-117
Advisory Release Date: 2023-03-06 17:50 Pacific
Advisory Updated Date: 2023-03-08 00:51 Pacific

Severity: Important

References: CVE-2022-3234 CVE-2022-3235 CVE-2022-3256 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3491 CVE-2022-47024 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-0512
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. (CVE-2022-3491)

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. (CVE-2022-47024)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. (CVE-2023-0051)

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. (CVE-2023-0054)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. (CVE-2023-0288)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. (CVE-2023-0433)

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. (CVE-2023-0512)

Affected Packages:

vim

Issue Correction:
Run dnf update vim --releasever=2023.0.20230308 to update your system.

New Packages:

aarch64:
    vim-enhanced-debuginfo-9.0.1314-1.amzn2023.0.2.aarch64
    vim-minimal-debuginfo-9.0.1314-1.amzn2023.0.2.aarch64
    vim-debuginfo-9.0.1314-1.amzn2023.0.2.aarch64
    vim-common-debuginfo-9.0.1314-1.amzn2023.0.2.aarch64
    vim-enhanced-9.0.1314-1.amzn2023.0.2.aarch64
    vim-minimal-9.0.1314-1.amzn2023.0.2.aarch64
    vim-debugsource-9.0.1314-1.amzn2023.0.2.aarch64
    vim-common-9.0.1314-1.amzn2023.0.2.aarch64

noarch:
    vim-filesystem-9.0.1314-1.amzn2023.0.2.noarch
    vim-default-editor-9.0.1314-1.amzn2023.0.2.noarch
    vim-data-9.0.1314-1.amzn2023.0.2.noarch

src:
    vim-9.0.1314-1.amzn2023.0.2.src

x86_64:
    vim-enhanced-debuginfo-9.0.1314-1.amzn2023.0.2.x86_64
    vim-minimal-debuginfo-9.0.1314-1.amzn2023.0.2.x86_64
    vim-debuginfo-9.0.1314-1.amzn2023.0.2.x86_64
    vim-enhanced-9.0.1314-1.amzn2023.0.2.x86_64
    vim-common-debuginfo-9.0.1314-1.amzn2023.0.2.x86_64
    vim-minimal-9.0.1314-1.amzn2023.0.2.x86_64
    vim-debugsource-9.0.1314-1.amzn2023.0.2.x86_64
    vim-common-9.0.1314-1.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3491, CVE-2022-47024, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512

Mitre: CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3491, CVE-2022-47024, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-117

Additional References