ALAS-2023-1761

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1761
Advisory Released Date: 2023-06-08
Advisory Updated Date: 2023-06-08

Severity: Important

References: CVE-2023-2426 CVE-2023-2609 CVE-2023-2610
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. (CVE-2023-2426)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)

Affected Packages:

vim

Issue Correction:
Run yum update vim to update your system.

New Packages:

i686:
    vim-minimal-9.0.1587-1.79.amzn1.i686
    xxd-9.0.1587-1.79.amzn1.i686
    vim-enhanced-9.0.1587-1.79.amzn1.i686
    vim-common-9.0.1587-1.79.amzn1.i686
    vim-debuginfo-9.0.1587-1.79.amzn1.i686

noarch:
    vim-data-9.0.1587-1.79.amzn1.noarch
    vim-filesystem-9.0.1587-1.79.amzn1.noarch

src:
    vim-9.0.1587-1.79.amzn1.src

x86_64:
    vim-common-9.0.1587-1.79.amzn1.x86_64
    vim-enhanced-9.0.1587-1.79.amzn1.x86_64
    vim-minimal-9.0.1587-1.79.amzn1.x86_64
    xxd-9.0.1587-1.79.amzn1.x86_64
    vim-debuginfo-9.0.1587-1.79.amzn1.x86_64

Additional References

Red Hat: CVE-2023-2426, CVE-2023-2609, CVE-2023-2610

Mitre: CVE-2023-2426, CVE-2023-2609, CVE-2023-2610