ALAS-2023-1681

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1681
Advisory Released Date: 2023-02-04
Advisory Updated Date: 2023-02-04

Severity: Medium

References: CVE-2022-4292 CVE-2023-0049
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Use After Free in GitHub repository vim/vim prior to 9.0.0882. (CVE-2022-4292)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049)

Affected Packages:

vim

Issue Correction:
Run yum update vim to update your system.

New Packages:

i686:
    vim-common-9.0.1160-1.1.amzn1.i686
    vim-enhanced-9.0.1160-1.1.amzn1.i686
    vim-debuginfo-9.0.1160-1.1.amzn1.i686
    vim-minimal-9.0.1160-1.1.amzn1.i686

noarch:
    vim-data-9.0.1160-1.1.amzn1.noarch
    vim-filesystem-9.0.1160-1.1.amzn1.noarch

src:
    vim-9.0.1160-1.1.amzn1.src

x86_64:
    vim-debuginfo-9.0.1160-1.1.amzn1.x86_64
    vim-minimal-9.0.1160-1.1.amzn1.x86_64
    vim-enhanced-9.0.1160-1.1.amzn1.x86_64
    vim-common-9.0.1160-1.1.amzn1.x86_64

Additional References

Red Hat: CVE-2022-4292, CVE-2023-0049

Mitre: CVE-2022-4292, CVE-2023-0049

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2023-1681

Additional References