moderate: gnutls/vim security update
moderate
An update for gnutls/vim is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
gnutls:
vim:
Security Fix(es):
gnutls: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.(CVE-2023-5981)
gnutls: bugfix
vim: A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.(CVE-2023-48232)
vim: A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.(CVE-2023-48233)
vim: A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.(CVE-2023-48234)
vim: A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.(CVE-2023-48235)
vim: A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.(CVE-2023-48236)
vim: A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.(CVE-2023-4733)
vim: A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.(CVE-2023-4750)
vim: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.(CVE-2023-4734)
vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.(CVE-2023-4735)
vim: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.(CVE-2023-4736)
vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.(CVE-2023-4738)
vim: A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.(CVE-2023-4752)
vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.(CVE-2023-4781)
vim: A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.(CVE-2023-5344)
vim: A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.(CVE-2023-5441)
vim: A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.(CVE-2023-5535)
vim: is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.(CVE-2023-46246)
vim: A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.(CVE-2023-48231)
vim: A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.(CVE-2023-48237)
vim: A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.(CVE-2023-48706)
vim: A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.(CVE-2024-22667)
vim: A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.(CVE-2025-24014)
vim: A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.(CVE-2025-26603)
vim: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.