Security update for vim

Announcement ID:	SUSE-SU-2025:0724-1
Release Date:	2025-02-26T13:30:43Z
Rating:	moderate
References:	bsc#1229685 bsc#1229822 bsc#1230078 bsc#1235695 bsc#1236151 bsc#1237137
Cross-References:	CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
CVSS scores:	CVE-2024-43790 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L CVE-2024-43790 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2024-43802 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2024-43802 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2024-45306 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-45306 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2024-45306 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2024-45306 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2025-1215 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-1215 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2025-1215 ( NVD ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-1215 ( NVD ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2025-22134 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-22134 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2025-22134 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2025-24014 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-24014 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2025-24014 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.2 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves six vulnerabilities can now be installed.

Description:

This update for vim fixes the following issues:

Update to version 9.1.1101:

• CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
• CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
• CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
• CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
• CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
• CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-724=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-724=1
• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-724=1

Package List:

• SUSE Linux Enterprise Micro 5.2 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.3 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.4 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.1 (noarch)
  • vim-data-common-9.1.1101-150000.5.69.1
• SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  • vim-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-debuginfo-9.1.1101-150000.5.69.1
  • vim-small-9.1.1101-150000.5.69.1
  • vim-debugsource-9.1.1101-150000.5.69.1
  • xxd-9.1.1101-150000.5.69.1

References:

• https://www.suse.com/security/cve/CVE-2024-43790.html
• https://www.suse.com/security/cve/CVE-2024-43802.html
• https://www.suse.com/security/cve/CVE-2024-45306.html
• https://www.suse.com/security/cve/CVE-2025-1215.html
• https://www.suse.com/security/cve/CVE-2025-22134.html
• https://www.suse.com/security/cve/CVE-2025-24014.html
• https://bugzilla.suse.com/show_bug.cgi?id=1229685
• https://bugzilla.suse.com/show_bug.cgi?id=1229822
• https://bugzilla.suse.com/show_bug.cgi?id=1230078
• https://bugzilla.suse.com/show_bug.cgi?id=1235695
• https://bugzilla.suse.com/show_bug.cgi?id=1236151
• https://bugzilla.suse.com/show_bug.cgi?id=1237137