An update for vim is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1982 Final 1.0 1.0 2024-08-16 Initial 2024-08-16 2024-08-16 openEuler SA Tool V1.0 2024-08-16 vim security update An update for vim is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4 Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Security Fix(es): Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647(CVE-2024-41957) Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.(CVE-2024-41965) An update for vim is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium vim https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41957 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 vim-9.0-24.oe2203sp3.src.rpm vim-9.0-23.oe2003sp4.src.rpm vim-9.0-24.oe2203sp1.src.rpm vim-9.0.2092-8.oe2403.src.rpm vim-9.0-24.oe2203sp4.src.rpm vim-X11-9.0-24.oe2203sp3.aarch64.rpm vim-common-9.0-24.oe2203sp3.aarch64.rpm vim-debuginfo-9.0-24.oe2203sp3.aarch64.rpm vim-debugsource-9.0-24.oe2203sp3.aarch64.rpm vim-enhanced-9.0-24.oe2203sp3.aarch64.rpm vim-minimal-9.0-24.oe2203sp3.aarch64.rpm vim-X11-9.0-23.oe2003sp4.aarch64.rpm vim-common-9.0-23.oe2003sp4.aarch64.rpm vim-debuginfo-9.0-23.oe2003sp4.aarch64.rpm vim-debugsource-9.0-23.oe2003sp4.aarch64.rpm vim-enhanced-9.0-23.oe2003sp4.aarch64.rpm vim-minimal-9.0-23.oe2003sp4.aarch64.rpm vim-X11-9.0-24.oe2203sp1.aarch64.rpm vim-common-9.0-24.oe2203sp1.aarch64.rpm vim-debuginfo-9.0-24.oe2203sp1.aarch64.rpm vim-debugsource-9.0-24.oe2203sp1.aarch64.rpm vim-enhanced-9.0-24.oe2203sp1.aarch64.rpm vim-minimal-9.0-24.oe2203sp1.aarch64.rpm vim-X11-9.0.2092-8.oe2403.aarch64.rpm vim-common-9.0.2092-8.oe2403.aarch64.rpm vim-debuginfo-9.0.2092-8.oe2403.aarch64.rpm vim-debugsource-9.0.2092-8.oe2403.aarch64.rpm vim-enhanced-9.0.2092-8.oe2403.aarch64.rpm vim-minimal-9.0.2092-8.oe2403.aarch64.rpm vim-X11-9.0-24.oe2203sp4.aarch64.rpm vim-common-9.0-24.oe2203sp4.aarch64.rpm vim-debuginfo-9.0-24.oe2203sp4.aarch64.rpm vim-debugsource-9.0-24.oe2203sp4.aarch64.rpm vim-enhanced-9.0-24.oe2203sp4.aarch64.rpm vim-minimal-9.0-24.oe2203sp4.aarch64.rpm vim-X11-9.0-24.oe2203sp3.x86_64.rpm vim-common-9.0-24.oe2203sp3.x86_64.rpm vim-debuginfo-9.0-24.oe2203sp3.x86_64.rpm vim-debugsource-9.0-24.oe2203sp3.x86_64.rpm vim-enhanced-9.0-24.oe2203sp3.x86_64.rpm vim-minimal-9.0-24.oe2203sp3.x86_64.rpm vim-X11-9.0-23.oe2003sp4.x86_64.rpm vim-common-9.0-23.oe2003sp4.x86_64.rpm vim-debuginfo-9.0-23.oe2003sp4.x86_64.rpm vim-debugsource-9.0-23.oe2003sp4.x86_64.rpm vim-enhanced-9.0-23.oe2003sp4.x86_64.rpm vim-minimal-9.0-23.oe2003sp4.x86_64.rpm vim-X11-9.0-24.oe2203sp1.x86_64.rpm vim-common-9.0-24.oe2203sp1.x86_64.rpm vim-debuginfo-9.0-24.oe2203sp1.x86_64.rpm vim-debugsource-9.0-24.oe2203sp1.x86_64.rpm vim-enhanced-9.0-24.oe2203sp1.x86_64.rpm vim-minimal-9.0-24.oe2203sp1.x86_64.rpm vim-X11-9.0.2092-8.oe2403.x86_64.rpm vim-common-9.0.2092-8.oe2403.x86_64.rpm vim-debuginfo-9.0.2092-8.oe2403.x86_64.rpm vim-debugsource-9.0.2092-8.oe2403.x86_64.rpm vim-enhanced-9.0.2092-8.oe2403.x86_64.rpm vim-minimal-9.0.2092-8.oe2403.x86_64.rpm vim-X11-9.0-24.oe2203sp4.x86_64.rpm vim-common-9.0-24.oe2203sp4.x86_64.rpm vim-debuginfo-9.0-24.oe2203sp4.x86_64.rpm vim-debugsource-9.0-24.oe2203sp4.x86_64.rpm vim-enhanced-9.0-24.oe2203sp4.x86_64.rpm vim-minimal-9.0-24.oe2203sp4.x86_64.rpm vim-filesystem-9.0-24.oe2203sp3.noarch.rpm vim-filesystem-9.0-23.oe2003sp4.noarch.rpm vim-filesystem-9.0-24.oe2203sp1.noarch.rpm vim-filesystem-9.0.2092-8.oe2403.noarch.rpm vim-filesystem-9.0-24.oe2203sp4.noarch.rpm Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647 2024-08-16 CVE-2024-41957 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 Medium 5.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L vim security update 2024-08-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982 Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648. 2024-08-16 CVE-2024-41965 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 Medium 4.2 AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L vim security update 2024-08-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982