SUSE-SU-2025:03240-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503240-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03240-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:03240-1
- Upstream
- Related
- Published
- 2025-09-16T19:57:09Z
- Modified
- 2025-09-18T20:01:25.997320Z
- Summary
- Security update for vim
- Details
-
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202503240-1/
- https://bugzilla.suse.com/1246602
- https://bugzilla.suse.com/1246604
- https://bugzilla.suse.com/1247938
- https://bugzilla.suse.com/1247939
- https://www.suse.com/security/cve/CVE-2025-53905
- https://www.suse.com/security/cve/CVE-2025-53906
- https://www.suse.com/security/cve/CVE-2025-55157
- https://www.suse.com/security/cve/CVE-2025-55158
Affected packages
SUSE:Linux Enterprise Micro 5.3 / vim
Package
- Name
- vim
- Purl
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
SUSE:Linux Enterprise Micro 5.4 / vim
Package
- Name
- vim
- Purl
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
SUSE:Linux Enterprise Micro 5.1 / vim
Package
- Name
- vim
- Purl
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1