Security update for vim

Announcement ID:	SUSE-SU-2023:0209-1
Rating:	important
References:	bsc#1204779 bsc#1205797 bsc#1206028 bsc#1206071 bsc#1206072 bsc#1206075 bsc#1206077 bsc#1206866 bsc#1206867 bsc#1206868 bsc#1207162 bsc#1207396
Cross-References:	CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433
CVSS scores:	CVE-2022-3491 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3491 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3491 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3520 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3520 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3520 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-3705 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-4141 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-4141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4141 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4293 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-4293 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-4293 ( NVD ): 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2023-0049 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0049 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0049 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-0051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0051 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0051 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-0054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2023-0054 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0054 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-0288 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0288 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0288 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-0433 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2023-0433 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0433 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves 12 vulnerabilities can now be installed.

Description:

This update for vim fixes the following issues:

• Updated to version 9.0.1234:
• CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
• CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
• CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
• CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
• CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).
• CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028).
• CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071).
• CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072).
• CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075).
• CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077).
• CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797).
• CVE-2022-3705: Fixed an use-after-free issue that could cause a crash or memory corruption (bsc#1204779).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-209=1
• SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-209=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-209=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-209=1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-209=1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-209=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-209=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-209=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-209=1

Package List:

• SUSE OpenStack Cloud 9 (x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE OpenStack Cloud 9 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE OpenStack Cloud Crowbar 9 (x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE OpenStack Cloud Crowbar 9 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • gvim-9.0.1234-17.12.1
  • vim-debuginfo-9.0.1234-17.12.1
  • vim-debugsource-9.0.1234-17.12.1
  • vim-9.0.1234-17.12.1
  • gvim-debuginfo-9.0.1234-17.12.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • vim-data-common-9.0.1234-17.12.1
  • vim-data-9.0.1234-17.12.1

References:

• https://www.suse.com/security/cve/CVE-2022-3491.html
• https://www.suse.com/security/cve/CVE-2022-3520.html
• https://www.suse.com/security/cve/CVE-2022-3591.html
• https://www.suse.com/security/cve/CVE-2022-3705.html
• https://www.suse.com/security/cve/CVE-2022-4141.html
• https://www.suse.com/security/cve/CVE-2022-4292.html
• https://www.suse.com/security/cve/CVE-2022-4293.html
• https://www.suse.com/security/cve/CVE-2023-0049.html
• https://www.suse.com/security/cve/CVE-2023-0051.html
• https://www.suse.com/security/cve/CVE-2023-0054.html
• https://www.suse.com/security/cve/CVE-2023-0288.html
• https://www.suse.com/security/cve/CVE-2023-0433.html
• https://bugzilla.suse.com/show_bug.cgi?id=1204779
• https://bugzilla.suse.com/show_bug.cgi?id=1205797
• https://bugzilla.suse.com/show_bug.cgi?id=1206028
• https://bugzilla.suse.com/show_bug.cgi?id=1206071
• https://bugzilla.suse.com/show_bug.cgi?id=1206072
• https://bugzilla.suse.com/show_bug.cgi?id=1206075
• https://bugzilla.suse.com/show_bug.cgi?id=1206077
• https://bugzilla.suse.com/show_bug.cgi?id=1206866
• https://bugzilla.suse.com/show_bug.cgi?id=1206867
• https://bugzilla.suse.com/show_bug.cgi?id=1206868
• https://bugzilla.suse.com/show_bug.cgi?id=1207162
• https://bugzilla.suse.com/show_bug.cgi?id=1207396