ALAS2023-2023-194

Amazon Linux 2023 Security Advisory: ALAS-2023-194
Advisory Release Date: 2023-06-05 16:38 Pacific
Advisory Updated Date: 2023-06-07 20:09 Pacific

Severity: Important

References: CVE-2023-2609 CVE-2023-2610
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)

Affected Packages:

vim

Issue Correction:
Run dnf update vim --releasever 2023.0.20230607 to update your system.

New Packages:

aarch64:
    vim-enhanced-debuginfo-9.0.1592-1.amzn2023.0.1.aarch64
    xxd-9.0.1592-1.amzn2023.0.1.aarch64
    vim-debuginfo-9.0.1592-1.amzn2023.0.1.aarch64
    vim-minimal-debuginfo-9.0.1592-1.amzn2023.0.1.aarch64
    vim-debugsource-9.0.1592-1.amzn2023.0.1.aarch64
    vim-minimal-9.0.1592-1.amzn2023.0.1.aarch64
    xxd-debuginfo-9.0.1592-1.amzn2023.0.1.aarch64
    vim-enhanced-9.0.1592-1.amzn2023.0.1.aarch64
    vim-common-9.0.1592-1.amzn2023.0.1.aarch64

noarch:
    vim-data-9.0.1592-1.amzn2023.0.1.noarch
    vim-default-editor-9.0.1592-1.amzn2023.0.1.noarch
    vim-filesystem-9.0.1592-1.amzn2023.0.1.noarch

src:
    vim-9.0.1592-1.amzn2023.0.1.src

x86_64:
    vim-enhanced-debuginfo-9.0.1592-1.amzn2023.0.1.x86_64
    xxd-9.0.1592-1.amzn2023.0.1.x86_64
    vim-debuginfo-9.0.1592-1.amzn2023.0.1.x86_64
    vim-enhanced-9.0.1592-1.amzn2023.0.1.x86_64
    xxd-debuginfo-9.0.1592-1.amzn2023.0.1.x86_64
    vim-minimal-9.0.1592-1.amzn2023.0.1.x86_64
    vim-minimal-debuginfo-9.0.1592-1.amzn2023.0.1.x86_64
    vim-debugsource-9.0.1592-1.amzn2023.0.1.x86_64
    vim-common-9.0.1592-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2023-2609, CVE-2023-2610

Mitre: CVE-2023-2609, CVE-2023-2610

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-194

Additional References