Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:4631-1

UNKNOWN

Security update for vim

Published Dec 28, 2022

Modified 3 years ago

Fix available

Details

This update for vim fixes the following issues:

Updated to version 9.0.1040:

CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
CVE-2022-3591: vim: Use After Free (bsc#1206072).
CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

Affected Packages

SUSE:Enterprise Storage 6gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 6vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 6vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 6vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7.1gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7.1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7.1vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7.1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Enterprise Storage 7.1vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSvim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSvim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.1vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.2vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.2vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.3vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.3vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Micro 5.3vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Basesystem 15 SP4vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Basesystem 15 SP4vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Basesystem 15 SP4vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Basesystem 15 SP4vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP4gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP4vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Real Time 15 SP3gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Real Time 15 SP3vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Real Time 15 SP3vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Real Time 15 SP3vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Real Time 15 SP3vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP1-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP1-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP1-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP1-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP2-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP2-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP2-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP2-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP3-LTSSgvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP3-LTSSvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP3-LTSSvim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP3-LTSSvim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server 15 SP3-LTSSvim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.1gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.1vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.2vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.2vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Proxy 4.2vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.1gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.1vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.2vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.2vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Retail Branch Server 4.2vim-small

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.1gvim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.1vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.1vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.1vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.2vim

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.2vim-data

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

SUSE:Manager Server 4.2vim-small

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.3gvim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.3vim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.3vim-data

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.3vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.3vim-small

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.4gvim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.4vim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.4vim-data

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.4vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap 15.4vim-small

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.2vim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.2vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.2vim-small

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.3vim

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.3vim-data-common

Fixed in:

9.0.1040-150000.5.31.1

openSUSE:Leap Micro 5.3vim-small

Fixed in:

9.0.1040-150000.5.31.1

References

REPORThttps://bugzilla.suse.com/1204779 REPORThttps://bugzilla.suse.com/1205797 REPORThttps://bugzilla.suse.com/1206028 REPORThttps://bugzilla.suse.com/1206071 REPORThttps://bugzilla.suse.com/1206072 REPORThttps://bugzilla.suse.com/1206075 REPORThttps://bugzilla.suse.com/1206077 WEBhttps://www.suse.com/security/cve/CVE-2022-3491 WEBhttps://www.suse.com/security/cve/CVE-2022-3520 WEBhttps://www.suse.com/security/cve/CVE-2022-3591 WEBhttps://www.suse.com/security/cve/CVE-2022-3705 WEBhttps://www.suse.com/security/cve/CVE-2022-4141 WEBhttps://www.suse.com/security/cve/CVE-2022-4292 WEBhttps://www.suse.com/security/cve/CVE-2022-4293 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20224631-1/

Upstream

CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293

Related

CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293

Ecosystems

SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3

Timeline

PublishedDec 28, 2022

ModifiedDec 28, 2022

SUSE-SU-2022:4631-1 | Mondoo Vulnerability Intelligence