RHSA-2023:0958: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-47024: A NULL pointer dereference issue was found in Vim’s gui_x11_create_blank_mouse function in gui_x11.c. This flaw allows attackers to cause a denial of service and other unspecified impacts.
Red Hat Security Data

Issued: 2023-02-28

Updated: 2023-02-28

RHSA-2023:0958 - Security Advisory

Synopsis

Moderate: vim security update

Type/Severity

Security Advisory: Moderate

Topic

An update for vim is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

  • vim: no check if the return value of XChangeGC() is NULL (CVE-2022-47024)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2163613 - CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL

Red Hat Enterprise Linux for x86_64 9

SRPM

  • vim-8.2.2637-20.el9_1.src.rpm

x86_64

  • vim-X11-8.2.2637-20.el9_1.x86_64.rpm
  • vim-X11-debuginfo-8.2.2637-20.el9_1.x86_64.rpm
  • vim-common-8.2.2637-20.el9_1.x86_64.rpm
  • vim-common-debuginfo-8.2.2637-20.el9_1.x86_64.rpm
  • vim-debuginfo-8.2.2637-20.el9_1.x86_64.rpm
  • vim-debugsource-8.2.2637-20.el9_1.x86_64.rpm
  • vim-enhanced-8.2.2637-20.el9_1.x86_64.rpm
  • vim-enhanced-debuginfo-8.2.2637-20.el9_1.x86_64.rpm
  • vim-filesystem-8.2.2637-20.el9_1.noarch.rpm
  • vim-minimal-8.2.2637-20.el9_1.x86_64.rpm
  • vim-minimal-debuginfo-8.2.2637-20.el9_1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • vim-8.2.2637-20.el9_1.src.rpm

s390x

  • vim-X11-8.2.2637-20.el9_1.s390x.rpm
  • vim-X11-debuginfo-8.2.2637-20.el9_1.s390x.rpm
  • vim-common-8.2.2637-20.el9_1.s390x.rpm
  • vim-common-debuginfo-8.2.2637-20.el9_1.s390x.rpm
  • vim-debuginfo-8.2.2637-20.el9_1.s390x.rpm
  • vim-debugsource-8.2.2637-20.el9_1.s390x.rpm
  • vim-enhanced-8.2.2637-20.el9_1.s390x.rpm
  • vim-enhanced-debuginfo-8.2.2637-20.el9_1.s390x.rpm
  • vim-filesystem-8.2.2637-20.el9_1.noarch.rpm
  • vim-minimal-8.2.2637-20.el9_1.s390x.rpm
  • vim-minimal-debuginfo-8.2.2637-20.el9_1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • vim-8.2.2637-20.el9_1.src.rpm

ppc64le

  • vim-X11-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-X11-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-common-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-common-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-debugsource-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-enhanced-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-enhanced-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-filesystem-8.2.2637-20.el9_1.noarch.rpm
  • vim-minimal-8.2.2637-20.el9_1.ppc64le.rpm
  • vim-minimal-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • vim-8.2.2637-20.el9_1.src.rpm

aarch64

  • vim-X11-8.2.2637-20.el9_1.aarch64.rpm
  • vim-X11-debuginfo-8.2.2637-20.el9_1.aarch64.rpm
  • vim-common-8.2.2637-20.el9_1.aarch64.rpm
  • vim-common-debuginfo-8.2.2637-20.el9_1.aarch64.rpm
  • vim-debuginfo-8.2.2637-20.el9_1.aarch64.rpm
  • vim-debugsource-8.2.2637-20.el9_1.aarch64.rpm
  • vim-enhanced-8.2.2637-20.el9_1.aarch64.rpm
  • vim-enhanced-debuginfo-8.2.2637-20.el9_1.aarch64.rpm
  • vim-filesystem-8.2.2637-20.el9_1.noarch.rpm
  • vim-minimal-8.2.2637-20.el9_1.aarch64.rpm
  • vim-minimal-debuginfo-8.2.2637-20.el9_1.aarch64.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Gentoo Linux Security Advisory 202305-16

Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.

Ubuntu Security Notice USN-5963-1

Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

Red Hat Security Advisory 2023-0958-01

Red Hat Security Advisory 2023-0958-01 - Vim is an updated and improved version of the vi editor.

Ubuntu Security Notice USN-5836-1

Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

CVE-2022-47024: patch 9.0.0339: no check if the return value of XChangeGC() is NULL · vim/vim@a63ad78

A null pointer dereference in the function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339 allows attackers to cause a denial of service or other unspecified impacts.