Amazon Linux 2022 Security Advisory: ALAS-2022-155
Advisory Release Date: 2022-10-17 23:30 Pacific
Advisory Updated Date: 2022-10-19 23:18 Pacific
A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3099)
A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3134)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)
Affected Packages:
vim
Issue Correction:
Run dnf update vim --releasever=2022.0.20221019 to update your system.
aarch64:
vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-minimal-9.0.475-1.amzn2022.0.1.aarch64
vim-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-enhanced-9.0.475-1.amzn2022.0.1.aarch64
vim-common-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
vim-debugsource-9.0.475-1.amzn2022.0.1.aarch64
vim-common-9.0.475-1.amzn2022.0.1.aarch64
i686:
vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.i686
vim-debugsource-9.0.475-1.amzn2022.0.1.i686
vim-enhanced-9.0.475-1.amzn2022.0.1.i686
vim-common-9.0.475-1.amzn2022.0.1.i686
vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.i686
vim-minimal-9.0.475-1.amzn2022.0.1.i686
vim-debuginfo-9.0.475-1.amzn2022.0.1.i686
vim-common-debuginfo-9.0.475-1.amzn2022.0.1.i686
noarch:
vim-filesystem-9.0.475-1.amzn2022.0.1.noarch
vim-default-editor-9.0.475-1.amzn2022.0.1.noarch
vim-data-9.0.475-1.amzn2022.0.1.noarch
src:
vim-9.0.475-1.amzn2022.0.1.src
x86_64:
vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-minimal-9.0.475-1.amzn2022.0.1.x86_64
vim-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-enhanced-9.0.475-1.amzn2022.0.1.x86_64
vim-common-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
vim-debugsource-9.0.475-1.amzn2022.0.1.x86_64
vim-common-9.0.475-1.amzn2022.0.1.x86_64
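
To confirm that the update took effect, the installed vim packages can be compared against the 9.0.475-1.amzn2022.0.1 build listed above. The script below is an added example, not part of the advisory: the function names and the sample lines are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release, taken from the package list in this advisory.
FIXED_VR="9.0.475-1.amzn2022.0.1"

# vr_at_least INSTALLED FIXED: succeed when INSTALLED is the same as or newer
# than FIXED. Assumption: GNU `sort -V` ordering approximates RPM's comparison,
# which holds for the numeric version-release strings these packages use.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_vim: read "NAME VERSION-RELEASE" lines on stdin, print a verdict for
# every vim package, and return 1 if any of them predates the fixed build.
audit_vim() {
    rc=0
    while read -r name vr; do
        case "$name" in
            vim|vim-*) ;;          # packages covered by this advisory
            *) continue ;;         # anything else is out of scope
        esac
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "OK $name $vr"
        else
            echo "NEEDS-UPDATE $name $vr"
            rc=1
        fi
    done
    return $rc
}

# On a real host, feed it the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'vim*' | audit_vim
# Constructed sample input (not taken from a real system):
audit_vim <<'EOF' || echo "at least one vim package predates $FIXED_VR"
vim-minimal 9.0.475-1.amzn2022.0.1
vim-common 9.0.300-1.amzn2022.0.1
vim-data 9.0.1000-1.amzn2022.0.1
bash 5.1.8-2.amzn2022
EOF
```

A non-zero exit status from `audit_vim` means at least one vim package still needs the `dnf update` from the Issue Correction section.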