Oracle Linux 6134 Published by

A vim security update has been released for Oracle Linux 9.



El-errata: ELSA-2023-0958 Moderate: Oracle Linux 9 vim security update


Oracle Linux Security Advisory ELSA-2023-0958

  http://linux.oracle.com/errata/ELSA-2023-0958.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.2.2637-20.0.1.el9_1.x86_64.rpm
vim-common-8.2.2637-20.0.1.el9_1.x86_64.rpm
vim-enhanced-8.2.2637-20.0.1.el9_1.x86_64.rpm
vim-filesystem-8.2.2637-20.0.1.el9_1.noarch.rpm
vim-minimal-8.2.2637-20.0.1.el9_1.x86_64.rpm

aarch64:
vim-X11-8.2.2637-20.0.1.el9_1.aarch64.rpm
vim-common-8.2.2637-20.0.1.el9_1.aarch64.rpm
vim-enhanced-8.2.2637-20.0.1.el9_1.aarch64.rpm
vim-filesystem-8.2.2637-20.0.1.el9_1.noarch.rpm
vim-minimal-8.2.2637-20.0.1.el9_1.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol9/SRPMS-updates//vim-8.2.2637-20.0.1.el9_1.src.rpm

Related CVEs:

CVE-2022-47024



Description of changes:

[8.2.2637-20.0.1]
- Remove upstream references [Orabug: 31197557]

[2:8.2.2637-20]
- CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL

[2:8.2.2637-19]
- CVE-2022-1785 vim: Out-of-bounds Write
- CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
- CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c

[2:8.2.2637-18]
- CVE-2022-1621 vim: heap buffer overflow
- CVE-2022-1629 vim: buffer over-read

[2:8.2.2637-17]
- CVE-2022-1154 vim: use after free in utf_ptr2char
- CVE-2022-1420 vim: Out-of-range Pointer Offset

_______________________________________________