Lucene search

K
suseSuseSUSE-SU-2022:2102-1
HistoryJun 16, 2022 - 12:00 a.m.

Security update for vim (important)

2022-06-1600:00:00
lists.opensuse.org
33
vim
security
update
vulnerabilities
cve
patch
suse
opensuse
server
installation
yast
zypper
suse manager
sap
lts

EPSS

0.012

Percentile

85.4%

An update that fixes 45 vulnerabilities is now available.

Description:

This update for vim fixes the following issues:

  • CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
  • CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
  • CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
  • CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
  • CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
  • CVE-2021-3974: Fixed use-after-free (bsc#1192904).
  • CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c
    (bsc#1193466).
  • CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
  • CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
  • CVE-2021-4192: Fixed use-after-free (bsc#1194217).
  • CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
  • CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
  • CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
  • CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
  • CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
  • CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in
    ex_getln.c (bsc#1195203).
  • CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
  • CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
  • CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
  • CVE-2022-1381: Fixed global heap buffer overflow in skip_range
    (bsc#1198596).
  • CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
  • CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
  • CVE-2022-1619: Fixed heap-based Buffer Overflow in function
    cmdline_erase_chars (bsc#1199333).
  • CVE-2022-1620: Fixed NULL pointer dereference in function
    vim_regexec_string (bsc#1199334).
  • CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c
    (bsc#1199655).
  • CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
  • CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
  • CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
  • CVE-2022-1796: Fixed use-after-free in find_pattern_in_path
    (bsc#1199747).
  • CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
  • CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
  • CVE-2022-1898: Fixed use-after-free (bsc#1200011).
  • CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2102=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-2102=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2102=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2102=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2102=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2102=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2102=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2102=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2102=1

  • SUSE Linux Enterprise Server 15-SP2-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2102=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2102=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2102=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2102=1

  • SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2102=1

  • SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2102=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2102=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2102=1

  • SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2102=1

  • SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-2102=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-2102=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.4noarch< - openSUSE Leap 15.4 (noarch):- openSUSE Leap 15.4 (noarch):.noarch.rpm
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
Rows per page:
1-10 of 961