Release Info

Advisory: CLSA-2022:1669309294

OS: Ubuntu 16.04 ELS

Public date: 2022-11-24

Project: vim

Version: 3:7.4.1689-3ubuntu1.5+tuxcare.els33

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1669309294.html

Changelog

* SECURITY UPDATE: Use After Free in vim
  - debian/patches/CVE-2022-3352.patch: Disallow deleting the current buffer to avoid using freed memory
  - CVE-2022-3352
* SECURITY UPDATE: Crash when matching buffer with invalid pattern
  - debian/patches/CVE-2022-1674.patch: Check for NULL regprog
  - CVE-2022-1674
* SECURITY UPDATE: Using NULL regexp program
  - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL in more places
  - CVE-2022-1725
* Fix: CI crashes when running out of memory, NULL pointer dereference
  - debian/patches/fix-addstate.patch: Apply 'maxmempattern' also to new regexp engine, check NULL pointers inside addstate() function

Update

Update command:

    apt-get update
    apt-get --only-upgrade install 'vim*'

Packages list

vim_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-common_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els33_all.deb
vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els33_all.deb
vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb
vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els33_all.deb
vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els33_amd64.deb

CVEs

CVE-2022-1674
CVE-2022-3352
CVE-2022-1725