[El-errata] ELSA-2022-5319 Moderate: Oracle Linux 8 vim security update

Fri Jul 1 21:13:14 UTC 2022

Oracle Linux Security Advisory ELSA-2022-5319

http://linux.oracle.com/errata/ELSA-2022-5319.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.0.1763-19.0.1.el8_6.2.x86_64.rpm
vim-common-8.0.1763-19.0.1.el8_6.2.x86_64.rpm
vim-enhanced-8.0.1763-19.0.1.el8_6.2.x86_64.rpm
vim-filesystem-8.0.1763-19.0.1.el8_6.2.noarch.rpm
vim-minimal-8.0.1763-19.0.1.el8_6.2.x86_64.rpm

aarch64:
vim-X11-8.0.1763-19.0.1.el8_6.2.aarch64.rpm
vim-common-8.0.1763-19.0.1.el8_6.2.aarch64.rpm
vim-enhanced-8.0.1763-19.0.1.el8_6.2.aarch64.rpm
vim-filesystem-8.0.1763-19.0.1.el8_6.2.noarch.rpm
vim-minimal-8.0.1763-19.0.1.el8_6.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-19.0.1.el8_6.2.src.rpm

Related CVEs:

CVE-2022-1621
CVE-2022-1629

Description of changes:

[2:8.0.1763-19.0.1.2]
- Remove upstream references [Orabug: 31197557]
- Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984]

[2:8.0.1763-19.2]
- CVE-2022-1621 vim: heap buffer overflow
- CVE-2022-1629 vim: buffer over-read

[2:8.0.1763-19.1]
- CVE-2022-1154 vim: use after free in utf_ptr2char

[2:8.0.1763-19]
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository

[2:8.0.1763-18]
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
- CVE-2022-0413 vim: use after free in src/ex_cmds.c

[2:8.0.1763-18]
- fix test suite after fix for CVE-2022-0318
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c

[2:8.0.1763-18]
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c

[2:8.0.1763-18]
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
- CVE-2021-4192 vim: vulnerable to Use After Free

[2:8.0.1763-18]
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]

[2:8.0.1763-17]
- 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]