An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1749 Final 1.0 1.0 2022-07-14 Initial 2022-07-14 2022-07-14 openEuler SA Tool V1.0 2022-07-14 vim security update An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Security Fix(es): Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.(CVE-2022-1720) NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.(CVE-2022-2208) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2207) Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2183) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2284) Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.(CVE-2022-2285) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2304) Use After Free in GitHub repository vim/vim prior to 9.0.0046.(CVE-2022-2345) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.(CVE-2022-2344) Use After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-2042) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-2000) An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical vim https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1720 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2208 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2207 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2183 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2284 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2285 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2304 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2345 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2344 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2042 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS vim-debuginfo-8.2-42.oe1.aarch64.rpm vim-debugsource-8.2-42.oe1.aarch64.rpm vim-enhanced-8.2-42.oe1.aarch64.rpm vim-minimal-8.2-42.oe1.aarch64.rpm vim-common-8.2-42.oe1.aarch64.rpm vim-X11-8.2-42.oe1.aarch64.rpm vim-enhanced-8.2-42.oe1.aarch64.rpm vim-common-8.2-42.oe1.aarch64.rpm vim-minimal-8.2-42.oe1.aarch64.rpm vim-debuginfo-8.2-42.oe1.aarch64.rpm vim-debugsource-8.2-42.oe1.aarch64.rpm vim-X11-8.2-42.oe1.aarch64.rpm vim-minimal-8.2-50.oe2203.aarch64.rpm vim-debugsource-8.2-50.oe2203.aarch64.rpm vim-X11-8.2-50.oe2203.aarch64.rpm vim-common-8.2-50.oe2203.aarch64.rpm vim-debuginfo-8.2-50.oe2203.aarch64.rpm vim-enhanced-8.2-50.oe2203.aarch64.rpm vim-filesystem-8.2-42.oe1.noarch.rpm vim-filesystem-8.2-42.oe1.noarch.rpm vim-filesystem-8.2-50.oe2203.noarch.rpm vim-8.2-42.oe1.src.rpm vim-8.2-42.oe1.src.rpm vim-8.2-50.oe2203.src.rpm vim-minimal-8.2-42.oe1.x86_64.rpm vim-enhanced-8.2-42.oe1.x86_64.rpm vim-debuginfo-8.2-42.oe1.x86_64.rpm vim-common-8.2-42.oe1.x86_64.rpm vim-X11-8.2-42.oe1.x86_64.rpm vim-debugsource-8.2-42.oe1.x86_64.rpm vim-minimal-8.2-42.oe1.x86_64.rpm vim-X11-8.2-42.oe1.x86_64.rpm vim-enhanced-8.2-42.oe1.x86_64.rpm vim-debuginfo-8.2-42.oe1.x86_64.rpm vim-debugsource-8.2-42.oe1.x86_64.rpm vim-common-8.2-42.oe1.x86_64.rpm vim-debuginfo-8.2-50.oe2203.x86_64.rpm vim-common-8.2-50.oe2203.x86_64.rpm vim-debugsource-8.2-50.oe2203.x86_64.rpm vim-minimal-8.2-50.oe2203.x86_64.rpm vim-X11-8.2-50.oe2203.x86_64.rpm vim-enhanced-8.2-50.oe2203.x86_64.rpm Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. 2022-07-14 CVE-2022-1720 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. 2022-07-14 CVE-2022-2208 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-07-14 CVE-2022-2207 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-07-14 CVE-2022-2183 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-14 CVE-2022-2284 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-14 CVE-2022-2285 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-14 CVE-2022-2304 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Use After Free in GitHub repository vim/vim prior to 9.0.0046. 2022-07-14 CVE-2022-2345 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. 2022-07-14 CVE-2022-2344 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Use After Free in GitHub repository vim/vim prior to 8.2. 2022-07-14 CVE-2022-2042 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-07-14 CVE-2022-2000 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H vim security update 2022-07-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1749