[CLSA-2022:1657182572] Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
Type:
security
Severity:
Important
Release date:
2022-07-07
Description:
- CVE-2022-2125: add checking for NUL to avoid running over the end of line
- CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode
- CVE-2022-2124: add checking for NUL to avoid running over the end of line
- CVE-2022-2129: disallow switching buffers in a substitute expression to avoid overrunning the destination buffer
- CVE-2022-2126: do not decrement the index when it is zero
Updated packages:
  • vim-common-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:f8cd7bbc0062d4c53a154a0d0881812fa8394ab1
  • vim-X11-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:9958777d2d982eb7db5806444bbb57a6f59ceada
  • vim-filesystem-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:f529222b131d838b8980fc355f59904347123f1f
  • vim-minimal-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:c3829d249ffe9b2865e2d297e3f5d44023b81710
  • vim-enhanced-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:9b3ac3b37fb1dd9dab5436afe42cd12e13cdcef9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.