[CLSA-2022:1657182377] Fixed CVEs in vim: CVE-2022-2129, CVE-2022-2125, CVE-2022-1720, CVE-2022-2124, CVE-2022-2126
Type: security
Severity: Important
Release date: 2022-07-07
Description:
- CVE-2022-2125: add checking for NUL to avoid running over the end of line
- CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode
- CVE-2022-2124: add checking for NUL to avoid running over the end of line
- CVE-2022-2129: disallow switching buffers in a substitute expression to avoid overrunning destination buffer
- CVE-2022-2126: do not decrement the index when it is zero
Updated packages:
  • vim-enhanced-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:5f542806d690e9d473c98766a0eb8f4d5e69912c
  • vim-filesystem-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:5d77302dedce483fc041ac04fcea365a0a6bba55
  • vim-common-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:6a8e79cc2fd3ee0bd076365e7afb8f9a285d50b2
  • vim-X11-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:c3225aa5246e9f59549a9a9d7c04ffa609177c49
  • vim-minimal-7.4.629-5.2.el6.tuxcare.els19.x86_64.rpm
    sha:66cc353ce78751ad97f7541bd1240c5724fbd6f9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.