Security update for vim

Announcement ID:	SUSE-SU-2023:0781-2
Rating:	important
References:	bsc#1207780 bsc#1208828 bsc#1208957 bsc#1208959
Cross-References:	CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175
CVSS scores:	CVE-2023-0512 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-0512 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0512 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-1170 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-1170 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2023-1170 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2023-1175 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-1175 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2023-1175 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves four vulnerabilities can now be installed.

Description:

This update for vim fixes the following issues:

• CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
• CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
• CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
• CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.

• https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-781=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-781=1

Package List:

• SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  • vim-data-common-9.0.1386-150000.5.37.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  • vim-small-9.0.1386-150000.5.37.1
  • vim-debuginfo-9.0.1386-150000.5.37.1
  • vim-small-debuginfo-9.0.1386-150000.5.37.1
  • vim-debugsource-9.0.1386-150000.5.37.1
• SUSE Linux Enterprise Micro 5.4 (noarch)
  • vim-data-common-9.0.1386-150000.5.37.1
• SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  • vim-small-9.0.1386-150000.5.37.1
  • vim-debuginfo-9.0.1386-150000.5.37.1
  • vim-small-debuginfo-9.0.1386-150000.5.37.1
  • vim-debugsource-9.0.1386-150000.5.37.1

References:

• https://www.suse.com/security/cve/CVE-2023-0512.html
• https://www.suse.com/security/cve/CVE-2023-1127.html
• https://www.suse.com/security/cve/CVE-2023-1170.html
• https://www.suse.com/security/cve/CVE-2023-1175.html
• https://bugzilla.suse.com/show_bug.cgi?id=1207780
• https://bugzilla.suse.com/show_bug.cgi?id=1208828
• https://bugzilla.suse.com/show_bug.cgi?id=1208957
• https://bugzilla.suse.com/show_bug.cgi?id=1208959