<!doctype html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>ALAS2022-2021-001</title>
        <link rel='icon' type='image/x-icon' href='../static/favicon.ico' />
<link rel="stylesheet" href="../static/bootstrap.min.css" type='text/css' media='print, projection, screen' >
<link rel='stylesheet' href='../static/blue_style.css' type='text/css' media='print, projection, screen' />
<link rel='stylesheet' href='../static/fontawesome.css' type='text/css' media='print, projection, screen' />
<link rel='stylesheet' href='../static/style.css' type='text/css' media='print, projection, screen' />
<script type='text/javascript' src='../static/jquery.min.js'></script>
<script type='text/javascript' src='../static/jquery.tablesorter.min.js'></script>
<script type="text/javascript" src="../static/index.js"></script>

<!--Add constant cookie banner on this page-->
<script type = 'text/javascript'>
    var shortbread = AWSCShortbread();
    shortbread.checkForCookieConsent();
    function customize() {
        shortbread.customizeCookies();
    }
</script>

<style>
    a{text-decoration: none; color: #0073BB}
    a:visited{color: #0073BB}
    .Site {
        display: flex;
        display: -webkit-flex; /* Safari */
        min-height: 100vh;
        flex-direction: column;
    }
    .Site-content {
        flex: 1;
    }
</style>
    </head>
    <body class="Site">
        <main class="Site-content">
            <div class="container">
                <nav class="navbar navbar-fixed-top navbar-inverse" style="background-color: #000000" id="bs-navbar">
    <a style="font-size: 20px; color: #FF9900" class="navbar-brand" href="/"><b>Amazon Linux Security Center</b></a>
    <ul class="nav navbar-nav navbar-right" style="color: #ff9900">
    <li style="background-color: #333333;"> <a style="color: #FFFFFF" href="/">Amazon Linux</a> </li><li style="background-color: #333333;"> <a style="color: #FFFFFF" href="/alas2.html">Amazon Linux 2</a> </li><li style="background-color: #FF9900;"> <a style="color: #000000" href="/alas2022.html">Amazon Linux 2022</a> </li><li style="background-color: #333333;"> <a style="color: #FFFFFF" href="/announcements.html">Announcements</a> </li>
    </ul>
</nav>
            </div>
            <div style='min-height: 523px; margin-top:80px;' class='nine columns content-with-nav' role='main'>
                <section>
                    <div class='title'>
                        <h1 id='ALAS2022-2021-001'>ALAS2022-2021-001</h1>
                    </div>

                    <div class='text'>
                        <hr class='mid-pad'>
                        <span class='alas-info'>

                            <b>Amazon Linux 2022 Security Advisory:</b> ALAS-2021-001

                        </span><br />
                        <span class='alas-info'><b>Advisory Release Date:</b> 2021-10-26 02:25 Pacific</span><br />
                        <span class='alas-info'><b>Advisory Updated Date:</b> 2021-10-27 00:24 Pacific</span><br />

                        <div id='severity' class='alas-info'>
                            <b>Severity:</b>
                            <span class='date'>
                                <span class='bulletin-type'>
                                    <i class='fas fa-exclamation-triangle'></i>
                                </span>
                            </span>
                            Medium<br />
                        </div>

                        <div id='references'>
                            <b>References:</b>
                            <a href='https://access.redhat.com/security/cve/CVE-2021-3778' target='_blank'>CVE-2021-3778&nbsp;<i class="fas fa-external-link-alt"></i></a>
                            <a href='https://access.redhat.com/security/cve/CVE-2021-3796' target='_blank'>CVE-2021-3796&nbsp;<i class="fas fa-external-link-alt"></i></a>
                            <a href='/cve/html/CVE-2021-3872.html' target='_blank'>CVE-2021-3872&nbsp;<i class="fas fa-external-link-alt"></i></a>
                            <a href='/cve/html/CVE-2021-3875.html' target='_blank'>CVE-2021-3875&nbsp;<i class="fas fa-external-link-alt"></i></a>
                            <br />
                        </div>

                        <hr class='mid-pad'>
                        <div id='issue_overview'>
                            <b>Issue Overview:</b>
                            <p>A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778)</p><p>A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796)</p><p>An out-of-bounds write flaw was found in vim&#39;s drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872)</p><p>There&#39;s an out-of-bounds read flaw in Vim&#39;s ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875)</p>
                        </div>

                        <div id='affected_packages' class='alas-info'>
                            <br />
                            <b>Affected Packages:</b>
                            <br />
                            <p>vim</p>
                        </div>

                        <div id='issue_correction'>
                            <br />
                            <b>Issue Correction:</b>
                            <br />Run <i>yum update vim</i> to update your system.
                                <br /></div>
                        <br />
                        <div id='new_packages'>
                            <b>New Packages:</b><pre>aarch64:<br />&nbsp;&nbsp;&nbsp; vim-X11-debuginfo-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-common-debuginfo-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-debuginfo-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-enhanced-debuginfo-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-enhanced-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-minimal-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-X11-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-minimal-debuginfo-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-debugsource-8.2.3512-1.amzn2022.aarch64<br />&nbsp;&nbsp;&nbsp; vim-common-8.2.3512-1.amzn2022.aarch64<br /><br />i686:<br />&nbsp;&nbsp;&nbsp; vim-enhanced-debuginfo-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-X11-debuginfo-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-debugsource-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-common-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-X11-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-enhanced-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-minimal-debuginfo-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-minimal-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-debuginfo-8.2.3512-1.amzn2022.i686<br />&nbsp;&nbsp;&nbsp; vim-common-debuginfo-8.2.3512-1.amzn2022.i686<br /><br />noarch:<br />&nbsp;&nbsp;&nbsp; vim-default-editor-8.2.3512-1.amzn2022.noarch<br />&nbsp;&nbsp;&nbsp; vim-filesystem-8.2.3512-1.amzn2022.noarch<br /><br />src:<br />&nbsp;&nbsp;&nbsp; vim-8.2.3512-1.amzn2022.src<br /><br />x86_64:<br />&nbsp;&nbsp;&nbsp; vim-X11-debuginfo-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-common-debuginfo-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-debugsource-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-minimal-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-debuginfo-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-minimal-debuginfo-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-enhanced-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-enhanced-debuginfo-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-X11-8.2.3512-1.amzn2022.x86_64<br />&nbsp;&nbsp;&nbsp; vim-common-8.2.3512-1.amzn2022.x86_64<br /><br /></pre></div>
                    </div>
                    <div style="flex:1; margin-bottom: 40px;" class="links-container">
                        <h3 class="section-heading">Additional References</h3>
                        <p>
                            Red Hat:&nbsp;<a style="margin-bottom: 40px;" href="https://access.redhat.com/security/cve/CVE-2021-3778" target="_blank" rel="noopener noreferrer">CVE-2021-3778</a>,
                            <a style="margin-bottom: 40px;" href="https://access.redhat.com/security/cve/CVE-2021-3796" target="_blank" rel="noopener noreferrer">CVE-2021-3796</a>,
                            <a style="margin-bottom: 40px;" href="https://access.redhat.com/security/cve/CVE-2021-3872" target="_blank" rel="noopener noreferrer">CVE-2021-3872</a>,
                            <a style="margin-bottom: 40px;" href="https://access.redhat.com/security/cve/CVE-2021-3875" target="_blank" rel="noopener noreferrer">CVE-2021-3875</a></p>
                        <p>
                            Mitre:&nbsp;<a style="margin-bottom: 40px;" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778" target="_blank" rel="noopener noreferrer">CVE-2021-3778</a>,
                            <a style="margin-bottom: 40px;" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796" target="_blank" rel="noopener noreferrer">CVE-2021-3796</a>,
                            <a style="margin-bottom: 40px;" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3872" target="_blank" rel="noopener noreferrer">CVE-2021-3872</a>,
                            <a style="margin-bottom: 40px;" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3875" target="_blank" rel="noopener noreferrer">CVE-2021-3875</a></p>
                    </div>
                </section>
            </div>
        </main>
        <footer style="padding-left: 30px; padding-right: 30px;"><p style="color: #687078">
      CVE description copyright &#169 2021
      <a href="https://cve.mitre.org/about/termsofuse.html" target="_blank" rel="noopener noreferrer">The MITRE Corporation</a>
    </p>
    <p style="color: #687078">
      CVE description copyright &#169 2021 Red Hat, Inc. Per
      <a href="https://access.redhat.com/security/data" target="_blank" rel="noopener noreferrer">https://access.redhat.com/security/data</a>,
      RedHat's CVE report is licensed under
      <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="noopener noreferrer">CC BY 4.0</a>.
    </p>
</footer>
        <footer style="padding-left: 30px; padding-right: 30px;"><p>
        <a href="https://aws.amazon.com/privacy/" target="_blank" rel="noopener noreferrer">Privacy</a> |
        <a href="https://aws.amazon.com/terms/" target="_blank" rel="noopener noreferrer">Site terms</a> |
        <a href="#" onclick="customize()">Cookie preferences</a> |
        <span style="color: #687078">&#169 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.</span>
    </p>
</footer>
    </body>
</html>
