ALAS-2023-1703

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1703
Advisory Released Date: 2023-03-20
Advisory Updated Date: 2023-03-22

Severity: Important

References: CVE-2023-0288 CVE-2023-0433 CVE-2023-0512 CVE-2023-1127
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. (CVE-2023-0288)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. (CVE-2023-0433)

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. (CVE-2023-0512)

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

Affected Packages:

vim

Issue Correction:
Run yum update vim to update your system.

New Packages:

i686:
    vim-enhanced-9.0.1367-1.73.amzn1.i686
    vim-minimal-9.0.1367-1.73.amzn1.i686
    vim-common-9.0.1367-1.73.amzn1.i686
    vim-debuginfo-9.0.1367-1.73.amzn1.i686

noarch:
    vim-data-9.0.1367-1.73.amzn1.noarch
    vim-filesystem-9.0.1367-1.73.amzn1.noarch

src:
    vim-9.0.1367-1.73.amzn1.src

x86_64:
    vim-enhanced-9.0.1367-1.73.amzn1.x86_64
    vim-minimal-9.0.1367-1.73.amzn1.x86_64
    vim-debuginfo-9.0.1367-1.73.amzn1.x86_64
    vim-common-9.0.1367-1.73.amzn1.x86_64

Additional References

Red Hat: CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127

Mitre: CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127