Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0481)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0481

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0481)

Resumen: The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory.

Descripción: Summary:
The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory.

Vulnerability Insight:
CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char()
Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character
When vim 8.2 is built with --with-features=huge --enable-gui=none
and address sanitizer, a heap-buffer overflow occurs when running:
echo 'Ywp2XTCqCi4KeQpAMA==' base64 -d > fuzz000.txt
vim -u NONE -X -Z -e -s -S fuzz000.txt -c :qa!

CVE-2021-3796: vim: Use After Free in nv_replace()
Fix: patch 8.2.3428: using freed memory when replacing
When vim 8.2 is built with --with-features=huge --enable-gui=none
and address sanitizer, a use-after-free occurs when running:
LC_ALL=C vim -U NONE -X -Z -e -s -S poc -c :qa!
with the poc file provided.

Affected Software/OS:
'vim' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-3778
https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/
https://security.gentoo.org/glsa/202208-32
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
http://www.openwall.com/lists/oss-security/2021/10/01/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3796
https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0481
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0481)
Resumen:	The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory.
Descripción:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory. Vulnerability Insight: CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char() Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo 'Ywp2XTCqCi4KeQpAMA==' base64 -d > fuzz000.txt vim -u NONE -X -Z -e -s -S fuzz000.txt -c :qa! CVE-2021-3796: vim: Use After Free in nv_replace() Fix: patch 8.2.3428: using freed memory when replacing When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a use-after-free occurs when running: LC_ALL=C vim -U NONE -X -Z -e -s -S poc -c :qa! with the poc file provided. Affected Software/OS: 'vim' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3778 https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/ https://security.gentoo.org/glsa/202208-32 https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html http://www.openwall.com/lists/oss-security/2021/10/01/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3796 https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3
Copyright	Copyright (C) 2022 Greenbone AG