ALAS2023-2023-360

Amazon Linux 2023 Security Advisory: ALAS-2023-360
Advisory Release Date: 2023-09-27 21:05 Pacific
Advisory Updated Date: 2023-10-03 20:50 Pacific
Severity: Important
Issue Overview:

Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. (CVE-2023-4734)

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. (CVE-2023-4735)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. (CVE-2023-4738)

Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. (CVE-2023-4751)

Use After Free in GitHub repository vim/vim prior to 9.0.1858. (CVE-2023-4752)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. (CVE-2023-4781)


Affected Packages:

vim


Issue Correction:
Run dnf update vim --releasever 2023.2.20231002 to update your system.

New Packages:
aarch64:
    vim-enhanced-debuginfo-9.0.1882-1.amzn2023.0.1.aarch64
    vim-debuginfo-9.0.1882-1.amzn2023.0.1.aarch64
    xxd-debuginfo-9.0.1882-1.amzn2023.0.1.aarch64
    vim-minimal-debuginfo-9.0.1882-1.amzn2023.0.1.aarch64
    vim-minimal-9.0.1882-1.amzn2023.0.1.aarch64
    vim-debugsource-9.0.1882-1.amzn2023.0.1.aarch64
    xxd-9.0.1882-1.amzn2023.0.1.aarch64
    vim-enhanced-9.0.1882-1.amzn2023.0.1.aarch64
    vim-common-9.0.1882-1.amzn2023.0.1.aarch64

noarch:
    vim-default-editor-9.0.1882-1.amzn2023.0.1.noarch
    vim-data-9.0.1882-1.amzn2023.0.1.noarch
    vim-filesystem-9.0.1882-1.amzn2023.0.1.noarch

src:
    vim-9.0.1882-1.amzn2023.0.1.src

x86_64:
    vim-enhanced-debuginfo-9.0.1882-1.amzn2023.0.1.x86_64
    vim-minimal-debuginfo-9.0.1882-1.amzn2023.0.1.x86_64
    xxd-debuginfo-9.0.1882-1.amzn2023.0.1.x86_64
    vim-minimal-9.0.1882-1.amzn2023.0.1.x86_64
    vim-debugsource-9.0.1882-1.amzn2023.0.1.x86_64
    vim-debuginfo-9.0.1882-1.amzn2023.0.1.x86_64
    xxd-9.0.1882-1.amzn2023.0.1.x86_64
    vim-enhanced-9.0.1882-1.amzn2023.0.1.x86_64
    vim-common-9.0.1882-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781

Mitre: CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781