ALAS2-2023-2319

Related Vulnerabilities: CVE-2023-5441   CVE-2023-5535  

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441) Use After Free in GitHub repository vim/vim prior to v9.0.2010. (CVE-2023-5535)

ALAS2-2023-2319


Amazon Linux 2 Security Advisory: ALAS-2023-2319
Advisory Release Date: 2023-10-30 23:59 Pacific
Advisory Updated Date: 2023-11-01 22:21 Pacific
Severity: Medium

Issue Overview:

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441)

Use After Free in GitHub repository vim/vim prior to v9.0.2010. (CVE-2023-5535)


Affected Packages:

vim


Issue Correction:
Run yum update vim to update your system.

New Packages:
aarch64:
    vim-common-9.0.1882-1.amzn2.0.3.aarch64
    vim-minimal-9.0.1882-1.amzn2.0.3.aarch64
    vim-enhanced-9.0.1882-1.amzn2.0.3.aarch64
    vim-X11-9.0.1882-1.amzn2.0.3.aarch64
    xxd-9.0.1882-1.amzn2.0.3.aarch64
    vim-debuginfo-9.0.1882-1.amzn2.0.3.aarch64

i686:
    vim-common-9.0.1882-1.amzn2.0.3.i686
    vim-minimal-9.0.1882-1.amzn2.0.3.i686
    vim-enhanced-9.0.1882-1.amzn2.0.3.i686
    vim-X11-9.0.1882-1.amzn2.0.3.i686
    xxd-9.0.1882-1.amzn2.0.3.i686
    vim-debuginfo-9.0.1882-1.amzn2.0.3.i686

noarch:
    vim-filesystem-9.0.1882-1.amzn2.0.3.noarch
    vim-data-9.0.1882-1.amzn2.0.3.noarch

src:
    vim-9.0.1882-1.amzn2.0.3.src

x86_64:
    vim-common-9.0.1882-1.amzn2.0.3.x86_64
    vim-minimal-9.0.1882-1.amzn2.0.3.x86_64
    vim-enhanced-9.0.1882-1.amzn2.0.3.x86_64
    vim-X11-9.0.1882-1.amzn2.0.3.x86_64
    xxd-9.0.1882-1.amzn2.0.3.x86_64
    vim-debuginfo-9.0.1882-1.amzn2.0.3.x86_64