Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
Date: Sun, 21 Aug 2022 01:52:32
Message-Id: 166104561958.12.6539510766211404260@7b72ab9f548d
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202208-32
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Low
8 Title: Vim, gVim: Multiple Vulnerabilities
9 Date: August 21, 2022
10 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231
11 ID: 202208-32
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been discovered in Vim, the worst of which
19 could result in denial of service.
20
21 Background
22 ==========
23
24 Vim is an efficient, highly configurable improved version of the classic
25 ‘vi’ text editor. gVim is the GUI version of Vim.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 app-editors/gvim < 9.0.0060 >= 9.0.0060
34 2 app-editors/vim < 9.0.0060 >= 9.0.0060
35 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
36
37 Description
38 ===========
39
40 Multiple vulnerabilities have been discovered in Vim and gVim. Please
41 review the CVE identifiers referenced below for details.
42
43 Impact
44 ======
45
46 Please review the referenced CVE identifiers for details.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Vim users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
60
61 All gVim users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
65
66 All vim-core users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2021-3770
75 https://nvd.nist.gov/vuln/detail/CVE-2021-3770
76 [ 2 ] CVE-2021-3778
77 https://nvd.nist.gov/vuln/detail/CVE-2021-3778
78 [ 3 ] CVE-2021-3796
79 https://nvd.nist.gov/vuln/detail/CVE-2021-3796
80 [ 4 ] CVE-2021-3872
81 https://nvd.nist.gov/vuln/detail/CVE-2021-3872
82 [ 5 ] CVE-2021-3875
83 https://nvd.nist.gov/vuln/detail/CVE-2021-3875
84 [ 6 ] CVE-2021-3927
85 https://nvd.nist.gov/vuln/detail/CVE-2021-3927
86 [ 7 ] CVE-2021-3928
87 https://nvd.nist.gov/vuln/detail/CVE-2021-3928
88 [ 8 ] CVE-2021-3968
89 https://nvd.nist.gov/vuln/detail/CVE-2021-3968
90 [ 9 ] CVE-2021-3973
91 https://nvd.nist.gov/vuln/detail/CVE-2021-3973
92 [ 10 ] CVE-2021-3974
93 https://nvd.nist.gov/vuln/detail/CVE-2021-3974
94 [ 11 ] CVE-2021-3984
95 https://nvd.nist.gov/vuln/detail/CVE-2021-3984
96 [ 12 ] CVE-2021-4019
97 https://nvd.nist.gov/vuln/detail/CVE-2021-4019
98 [ 13 ] CVE-2021-4069
99 https://nvd.nist.gov/vuln/detail/CVE-2021-4069
100 [ 14 ] CVE-2021-4136
101 https://nvd.nist.gov/vuln/detail/CVE-2021-4136
102 [ 15 ] CVE-2021-4166
103 https://nvd.nist.gov/vuln/detail/CVE-2021-4166
104 [ 16 ] CVE-2021-4173
105 https://nvd.nist.gov/vuln/detail/CVE-2021-4173
106 [ 17 ] CVE-2021-4187
107 https://nvd.nist.gov/vuln/detail/CVE-2021-4187
108 [ 18 ] CVE-2021-4192
109 https://nvd.nist.gov/vuln/detail/CVE-2021-4192
110 [ 19 ] CVE-2021-4193
111 https://nvd.nist.gov/vuln/detail/CVE-2021-4193
112 [ 20 ] CVE-2021-46059
113 https://nvd.nist.gov/vuln/detail/CVE-2021-46059
114 [ 21 ] CVE-2022-0128
115 https://nvd.nist.gov/vuln/detail/CVE-2022-0128
116 [ 22 ] CVE-2022-0156
117 https://nvd.nist.gov/vuln/detail/CVE-2022-0156
118 [ 23 ] CVE-2022-0158
119 https://nvd.nist.gov/vuln/detail/CVE-2022-0158
120 [ 24 ] CVE-2022-0213
121 https://nvd.nist.gov/vuln/detail/CVE-2022-0213
122 [ 25 ] CVE-2022-0261
123 https://nvd.nist.gov/vuln/detail/CVE-2022-0261
124 [ 26 ] CVE-2022-0318
125 https://nvd.nist.gov/vuln/detail/CVE-2022-0318
126 [ 27 ] CVE-2022-0319
127 https://nvd.nist.gov/vuln/detail/CVE-2022-0319
128 [ 28 ] CVE-2022-0351
129 https://nvd.nist.gov/vuln/detail/CVE-2022-0351
130 [ 29 ] CVE-2022-0359
131 https://nvd.nist.gov/vuln/detail/CVE-2022-0359
132 [ 30 ] CVE-2022-0361
133 https://nvd.nist.gov/vuln/detail/CVE-2022-0361
134 [ 31 ] CVE-2022-0368
135 https://nvd.nist.gov/vuln/detail/CVE-2022-0368
136 [ 32 ] CVE-2022-0392
137 https://nvd.nist.gov/vuln/detail/CVE-2022-0392
138 [ 33 ] CVE-2022-0393
139 https://nvd.nist.gov/vuln/detail/CVE-2022-0393
140 [ 34 ] CVE-2022-0407
141 https://nvd.nist.gov/vuln/detail/CVE-2022-0407
142 [ 35 ] CVE-2022-0408
143 https://nvd.nist.gov/vuln/detail/CVE-2022-0408
144 [ 36 ] CVE-2022-0413
145 https://nvd.nist.gov/vuln/detail/CVE-2022-0413
146 [ 37 ] CVE-2022-0417
147 https://nvd.nist.gov/vuln/detail/CVE-2022-0417
148 [ 38 ] CVE-2022-0443
149 https://nvd.nist.gov/vuln/detail/CVE-2022-0443
150 [ 39 ] CVE-2022-0554
151 https://nvd.nist.gov/vuln/detail/CVE-2022-0554
152 [ 40 ] CVE-2022-0629
153 https://nvd.nist.gov/vuln/detail/CVE-2022-0629
154 [ 41 ] CVE-2022-0685
155 https://nvd.nist.gov/vuln/detail/CVE-2022-0685
156 [ 42 ] CVE-2022-0714
157 https://nvd.nist.gov/vuln/detail/CVE-2022-0714
158 [ 43 ] CVE-2022-0729
159 https://nvd.nist.gov/vuln/detail/CVE-2022-0729
160 [ 44 ] CVE-2022-0943
161 https://nvd.nist.gov/vuln/detail/CVE-2022-0943
162 [ 45 ] CVE-2022-1154
163 https://nvd.nist.gov/vuln/detail/CVE-2022-1154
164 [ 46 ] CVE-2022-1160
165 https://nvd.nist.gov/vuln/detail/CVE-2022-1160
166 [ 47 ] CVE-2022-1381
167 https://nvd.nist.gov/vuln/detail/CVE-2022-1381
168 [ 48 ] CVE-2022-1420
169 https://nvd.nist.gov/vuln/detail/CVE-2022-1420
170 [ 49 ] CVE-2022-1616
171 https://nvd.nist.gov/vuln/detail/CVE-2022-1616
172 [ 50 ] CVE-2022-1619
173 https://nvd.nist.gov/vuln/detail/CVE-2022-1619
174 [ 51 ] CVE-2022-1620
175 https://nvd.nist.gov/vuln/detail/CVE-2022-1620
176 [ 52 ] CVE-2022-1621
177 https://nvd.nist.gov/vuln/detail/CVE-2022-1621
178 [ 53 ] CVE-2022-1629
179 https://nvd.nist.gov/vuln/detail/CVE-2022-1629
180 [ 54 ] CVE-2022-1674
181 https://nvd.nist.gov/vuln/detail/CVE-2022-1674
182 [ 55 ] CVE-2022-1720
183 https://nvd.nist.gov/vuln/detail/CVE-2022-1720
184 [ 56 ] CVE-2022-1733
185 https://nvd.nist.gov/vuln/detail/CVE-2022-1733
186 [ 57 ] CVE-2022-1735
187 https://nvd.nist.gov/vuln/detail/CVE-2022-1735
188 [ 58 ] CVE-2022-1769
189 https://nvd.nist.gov/vuln/detail/CVE-2022-1769
190 [ 59 ] CVE-2022-1771
191 https://nvd.nist.gov/vuln/detail/CVE-2022-1771
192 [ 60 ] CVE-2022-1785
193 https://nvd.nist.gov/vuln/detail/CVE-2022-1785
194 [ 61 ] CVE-2022-1796
195 https://nvd.nist.gov/vuln/detail/CVE-2022-1796
196 [ 62 ] CVE-2022-1851
197 https://nvd.nist.gov/vuln/detail/CVE-2022-1851
198 [ 63 ] CVE-2022-1886
199 https://nvd.nist.gov/vuln/detail/CVE-2022-1886
200 [ 64 ] CVE-2022-1897
201 https://nvd.nist.gov/vuln/detail/CVE-2022-1897
202 [ 65 ] CVE-2022-1898
203 https://nvd.nist.gov/vuln/detail/CVE-2022-1898
204 [ 66 ] CVE-2022-1927
205 https://nvd.nist.gov/vuln/detail/CVE-2022-1927
206 [ 67 ] CVE-2022-1942
207 https://nvd.nist.gov/vuln/detail/CVE-2022-1942
208 [ 68 ] CVE-2022-1968
209 https://nvd.nist.gov/vuln/detail/CVE-2022-1968
210 [ 69 ] CVE-2022-2000
211 https://nvd.nist.gov/vuln/detail/CVE-2022-2000
212 [ 70 ] CVE-2022-2042
213 https://nvd.nist.gov/vuln/detail/CVE-2022-2042
214 [ 71 ] CVE-2022-2124
215 https://nvd.nist.gov/vuln/detail/CVE-2022-2124
216 [ 72 ] CVE-2022-2125
217 https://nvd.nist.gov/vuln/detail/CVE-2022-2125
218 [ 73 ] CVE-2022-2126
219 https://nvd.nist.gov/vuln/detail/CVE-2022-2126
220 [ 74 ] CVE-2022-2129
221 https://nvd.nist.gov/vuln/detail/CVE-2022-2129
222 [ 75 ] CVE-2022-2175
223 https://nvd.nist.gov/vuln/detail/CVE-2022-2175
224 [ 76 ] CVE-2022-2182
225 https://nvd.nist.gov/vuln/detail/CVE-2022-2182
226 [ 77 ] CVE-2022-2183
227 https://nvd.nist.gov/vuln/detail/CVE-2022-2183
228 [ 78 ] CVE-2022-2206
229 https://nvd.nist.gov/vuln/detail/CVE-2022-2206
230 [ 79 ] CVE-2022-2207
231 https://nvd.nist.gov/vuln/detail/CVE-2022-2207
232 [ 80 ] CVE-2022-2208
233 https://nvd.nist.gov/vuln/detail/CVE-2022-2208
234 [ 81 ] CVE-2022-2210
235 https://nvd.nist.gov/vuln/detail/CVE-2022-2210
236 [ 82 ] CVE-2022-2231
237 https://nvd.nist.gov/vuln/detail/CVE-2022-2231
238 [ 83 ] CVE-2022-2257
239 https://nvd.nist.gov/vuln/detail/CVE-2022-2257
240 [ 84 ] CVE-2022-2264
241 https://nvd.nist.gov/vuln/detail/CVE-2022-2264
242 [ 85 ] CVE-2022-2284
243 https://nvd.nist.gov/vuln/detail/CVE-2022-2284
244 [ 86 ] CVE-2022-2285
245 https://nvd.nist.gov/vuln/detail/CVE-2022-2285
246 [ 87 ] CVE-2022-2286
247 https://nvd.nist.gov/vuln/detail/CVE-2022-2286
248 [ 88 ] CVE-2022-2287
249 https://nvd.nist.gov/vuln/detail/CVE-2022-2287
250 [ 89 ] CVE-2022-2288
251 https://nvd.nist.gov/vuln/detail/CVE-2022-2288
252 [ 90 ] CVE-2022-2289
253 https://nvd.nist.gov/vuln/detail/CVE-2022-2289
254 [ 91 ] CVE-2022-2304
255 https://nvd.nist.gov/vuln/detail/CVE-2022-2304
256 [ 92 ] CVE-2022-2343
257 https://nvd.nist.gov/vuln/detail/CVE-2022-2343
258 [ 93 ] CVE-2022-2344
259 https://nvd.nist.gov/vuln/detail/CVE-2022-2344
260 [ 94 ] CVE-2022-2345
261 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
262
263 Availability
264 ============
265
266 This GLSA and any updates to it are available for viewing at
267 the Gentoo Security Website:
268
269 https://security.gentoo.org/glsa/202208-32
270
271 Concerns?
272 =========
273
274 Security is a primary focus of Gentoo Linux and ensuring the
275 confidentiality and security of our users' machines is of utmost
276 importance to us. Any security concerns should be addressed to
277 security@g.o or alternatively, you may file a bug at
278 https://bugs.gentoo.org.
279
280 License
281 =======
282
283 Copyright 2022 Gentoo Foundation, Inc; referenced text
284 belongs to its owner(s).
285
286 The contents of this document are licensed under the
287 Creative Commons - Attribution / Share Alike license.
288
289 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups