Gentoo Linux Security Advisory 202305-16

Gentoo Linux Security Advisory 202305-16: Posted May 3, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2022-1154, CVE-2022-1160, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735; SHA-256 | 81b5395f5780b813c10198f29c690100f378f19946bb1a709a861b0663668b4e; Download | Favorite | View

Gentoo Linux Security Advisory 202305-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202305-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: Vim, gVim: Multiple Vulnerabilities
     Date: May 03, 2023
     Bugs: #851231, #861092, #869359, #879257, #883681, #889730
       ID: 202305-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Vim, the worst of which
could result in denial of service.

Background
==========

Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-editors/gvim           < 9.0.1157                >= 9.0.1157
  2  app-editors/vim            < 9.0.1157                >= 9.0.1157
  3  app-editors/vim-core       < 9.0.1157                >= 9.0.1157

Description
===========

Multiple vulnerabilities have been discovered in Vim, gVim. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Vim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"

All gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"

All vim-core users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"

References
==========

[ 1 ] CVE-2022-1154
      https://nvd.nist.gov/vuln/detail/CVE-2022-1154
[ 2 ] CVE-2022-1160
      https://nvd.nist.gov/vuln/detail/CVE-2022-1160
[ 3 ] CVE-2022-1381
      https://nvd.nist.gov/vuln/detail/CVE-2022-1381
[ 4 ] CVE-2022-1420
      https://nvd.nist.gov/vuln/detail/CVE-2022-1420
[ 5 ] CVE-2022-1616
      https://nvd.nist.gov/vuln/detail/CVE-2022-1616
[ 6 ] CVE-2022-1619
      https://nvd.nist.gov/vuln/detail/CVE-2022-1619
[ 7 ] CVE-2022-1620
      https://nvd.nist.gov/vuln/detail/CVE-2022-1620
[ 8 ] CVE-2022-1621
      https://nvd.nist.gov/vuln/detail/CVE-2022-1621
[ 9 ] CVE-2022-1629
      https://nvd.nist.gov/vuln/detail/CVE-2022-1629
[ 10 ] CVE-2022-1674
      https://nvd.nist.gov/vuln/detail/CVE-2022-1674
[ 11 ] CVE-2022-1720
      https://nvd.nist.gov/vuln/detail/CVE-2022-1720
[ 12 ] CVE-2022-1725
      https://nvd.nist.gov/vuln/detail/CVE-2022-1725
[ 13 ] CVE-2022-1733
      https://nvd.nist.gov/vuln/detail/CVE-2022-1733
[ 14 ] CVE-2022-1735
      https://nvd.nist.gov/vuln/detail/CVE-2022-1735
[ 15 ] CVE-2022-1769
      https://nvd.nist.gov/vuln/detail/CVE-2022-1769
[ 16 ] CVE-2022-1771
      https://nvd.nist.gov/vuln/detail/CVE-2022-1771
[ 17 ] CVE-2022-1785
      https://nvd.nist.gov/vuln/detail/CVE-2022-1785
[ 18 ] CVE-2022-1796
      https://nvd.nist.gov/vuln/detail/CVE-2022-1796
[ 19 ] CVE-2022-1851
      https://nvd.nist.gov/vuln/detail/CVE-2022-1851
[ 20 ] CVE-2022-1886
      https://nvd.nist.gov/vuln/detail/CVE-2022-1886
[ 21 ] CVE-2022-1897
      https://nvd.nist.gov/vuln/detail/CVE-2022-1897
[ 22 ] CVE-2022-1898
      https://nvd.nist.gov/vuln/detail/CVE-2022-1898
[ 23 ] CVE-2022-1927
      https://nvd.nist.gov/vuln/detail/CVE-2022-1927
[ 24 ] CVE-2022-1942
      https://nvd.nist.gov/vuln/detail/CVE-2022-1942
[ 25 ] CVE-2022-1968
      https://nvd.nist.gov/vuln/detail/CVE-2022-1968
[ 26 ] CVE-2022-2000
      https://nvd.nist.gov/vuln/detail/CVE-2022-2000
[ 27 ] CVE-2022-2042
      https://nvd.nist.gov/vuln/detail/CVE-2022-2042
[ 28 ] CVE-2022-2124
      https://nvd.nist.gov/vuln/detail/CVE-2022-2124
[ 29 ] CVE-2022-2125
      https://nvd.nist.gov/vuln/detail/CVE-2022-2125
[ 30 ] CVE-2022-2126
      https://nvd.nist.gov/vuln/detail/CVE-2022-2126
[ 31 ] CVE-2022-2129
      https://nvd.nist.gov/vuln/detail/CVE-2022-2129
[ 32 ] CVE-2022-2175
      https://nvd.nist.gov/vuln/detail/CVE-2022-2175
[ 33 ] CVE-2022-2182
      https://nvd.nist.gov/vuln/detail/CVE-2022-2182
[ 34 ] CVE-2022-2183
      https://nvd.nist.gov/vuln/detail/CVE-2022-2183
[ 35 ] CVE-2022-2206
      https://nvd.nist.gov/vuln/detail/CVE-2022-2206
[ 36 ] CVE-2022-2207
      https://nvd.nist.gov/vuln/detail/CVE-2022-2207
[ 37 ] CVE-2022-2208
      https://nvd.nist.gov/vuln/detail/CVE-2022-2208
[ 38 ] CVE-2022-2210
      https://nvd.nist.gov/vuln/detail/CVE-2022-2210
[ 39 ] CVE-2022-2231
      https://nvd.nist.gov/vuln/detail/CVE-2022-2231
[ 40 ] CVE-2022-2257
      https://nvd.nist.gov/vuln/detail/CVE-2022-2257
[ 41 ] CVE-2022-2264
      https://nvd.nist.gov/vuln/detail/CVE-2022-2264
[ 42 ] CVE-2022-2284
      https://nvd.nist.gov/vuln/detail/CVE-2022-2284
[ 43 ] CVE-2022-2285
      https://nvd.nist.gov/vuln/detail/CVE-2022-2285
[ 44 ] CVE-2022-2286
      https://nvd.nist.gov/vuln/detail/CVE-2022-2286
[ 45 ] CVE-2022-2287
      https://nvd.nist.gov/vuln/detail/CVE-2022-2287
[ 46 ] CVE-2022-2288
      https://nvd.nist.gov/vuln/detail/CVE-2022-2288
[ 47 ] CVE-2022-2289
      https://nvd.nist.gov/vuln/detail/CVE-2022-2289
[ 48 ] CVE-2022-2304
      https://nvd.nist.gov/vuln/detail/CVE-2022-2304
[ 49 ] CVE-2022-2343
      https://nvd.nist.gov/vuln/detail/CVE-2022-2343
[ 50 ] CVE-2022-2344
      https://nvd.nist.gov/vuln/detail/CVE-2022-2344
[ 51 ] CVE-2022-2345
      https://nvd.nist.gov/vuln/detail/CVE-2022-2345
[ 52 ] CVE-2022-2522
      https://nvd.nist.gov/vuln/detail/CVE-2022-2522
[ 53 ] CVE-2022-2816
      https://nvd.nist.gov/vuln/detail/CVE-2022-2816
[ 54 ] CVE-2022-2817
      https://nvd.nist.gov/vuln/detail/CVE-2022-2817
[ 55 ] CVE-2022-2819
      https://nvd.nist.gov/vuln/detail/CVE-2022-2819
[ 56 ] CVE-2022-2845
      https://nvd.nist.gov/vuln/detail/CVE-2022-2845
[ 57 ] CVE-2022-2849
      https://nvd.nist.gov/vuln/detail/CVE-2022-2849
[ 58 ] CVE-2022-2862
      https://nvd.nist.gov/vuln/detail/CVE-2022-2862
[ 59 ] CVE-2022-2874
      https://nvd.nist.gov/vuln/detail/CVE-2022-2874
[ 60 ] CVE-2022-2889
      https://nvd.nist.gov/vuln/detail/CVE-2022-2889
[ 61 ] CVE-2022-2923
      https://nvd.nist.gov/vuln/detail/CVE-2022-2923
[ 62 ] CVE-2022-2946
      https://nvd.nist.gov/vuln/detail/CVE-2022-2946
[ 63 ] CVE-2022-2980
      https://nvd.nist.gov/vuln/detail/CVE-2022-2980
[ 64 ] CVE-2022-2982
      https://nvd.nist.gov/vuln/detail/CVE-2022-2982
[ 65 ] CVE-2022-3016
      https://nvd.nist.gov/vuln/detail/CVE-2022-3016
[ 66 ] CVE-2022-3099
      https://nvd.nist.gov/vuln/detail/CVE-2022-3099
[ 67 ] CVE-2022-3134
      https://nvd.nist.gov/vuln/detail/CVE-2022-3134
[ 68 ] CVE-2022-3153
      https://nvd.nist.gov/vuln/detail/CVE-2022-3153
[ 69 ] CVE-2022-3234
      https://nvd.nist.gov/vuln/detail/CVE-2022-3234
[ 70 ] CVE-2022-3235
      https://nvd.nist.gov/vuln/detail/CVE-2022-3235
[ 71 ] CVE-2022-3256
      https://nvd.nist.gov/vuln/detail/CVE-2022-3256
[ 72 ] CVE-2022-3278
      https://nvd.nist.gov/vuln/detail/CVE-2022-3278
[ 73 ] CVE-2022-3296
      https://nvd.nist.gov/vuln/detail/CVE-2022-3296
[ 74 ] CVE-2022-3297
      https://nvd.nist.gov/vuln/detail/CVE-2022-3297
[ 75 ] CVE-2022-3324
      https://nvd.nist.gov/vuln/detail/CVE-2022-3324
[ 76 ] CVE-2022-3352
      https://nvd.nist.gov/vuln/detail/CVE-2022-3352
[ 77 ] CVE-2022-3491
      https://nvd.nist.gov/vuln/detail/CVE-2022-3491
[ 78 ] CVE-2022-3520
      https://nvd.nist.gov/vuln/detail/CVE-2022-3520
[ 79 ] CVE-2022-3591
      https://nvd.nist.gov/vuln/detail/CVE-2022-3591
[ 80 ] CVE-2022-3705
      https://nvd.nist.gov/vuln/detail/CVE-2022-3705
[ 81 ] CVE-2022-4141
      https://nvd.nist.gov/vuln/detail/CVE-2022-4141
[ 82 ] CVE-2022-4292
      https://nvd.nist.gov/vuln/detail/CVE-2022-4292
[ 83 ] CVE-2022-4293
      https://nvd.nist.gov/vuln/detail/CVE-2022-4293
[ 84 ] CVE-2022-47024
      https://nvd.nist.gov/vuln/detail/CVE-2022-47024
[ 85 ] CVE-2023-0049
      https://nvd.nist.gov/vuln/detail/CVE-2023-0049
[ 86 ] CVE-2023-0051
      https://nvd.nist.gov/vuln/detail/CVE-2023-0051
[ 87 ] CVE-2023-0054
      https://nvd.nist.gov/vuln/detail/CVE-2023-0054

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Gentoo Linux Security Advisory 202305-16

Gentoo Linux Security Advisory 202305-16

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 202305-16

Share This

Gentoo Linux Security Advisory 202305-16

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems