Security update for vim SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02226-1 Final 1 1 2025-07-04T13:31:08Z current 2025-07-04T13:31:08Z 2025-07-04T13:31:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vim This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest-2025-2226,Container suse/sle-micro/5.5/toolbox:latest-2025-2226,Container suse/sle-micro/5.5:latest-2025-2226,Image SLES15-SP5-SAP-Azure-LI-BYOS-2025-2226,Image SLES15-SP5-SAP-Azure-LI-BYOS-Production-2025-2226,Image SLES15-SP5-SAP-Azure-VLI-BYOS-2025-2226,Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production-2025-2226,SUSE-2025-2226,SUSE-SLE-Micro-5.5-2025-2226,SUSE-SLE-Module-Basesystem-15-SP6-2025-2226,SUSE-SLE-Module-Basesystem-15-SP7-2025-2226,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-2226,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-2226,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2226,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2226,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2226,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2226,openSUSE-SLE-15.6-2025-2226 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502226-1/ Link for SUSE-SU-2025:02226-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040614.html E-Mail link for SUSE-SU-2025:02226-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228776 SUSE Bug 1228776 https://bugzilla.suse.com/1239602 SUSE Bug 1239602 https://www.suse.com/security/cve/CVE-2024-41965/ SUSE CVE CVE-2024-41965 page https://www.suse.com/security/cve/CVE-2025-29768/ SUSE CVE CVE-2025-29768 page Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container suse/sle-micro/5.5/toolbox:latest Container suse/sle-micro/5.5:latest Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 vim-data-common-9.1.1406-150500.20.27.1 vim-small-9.1.1406-150500.20.27.1 vim-9.1.1406-150500.20.27.1 gvim-9.1.1406-150500.20.27.1 vim-data-9.1.1406-150500.20.27.1 vim-data-common-9.1.1406-150500.20.27.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest vim-small-9.1.1406-150500.20.27.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest vim-9.1.1406-150500.20.27.1 as a component of Container suse/sle-micro/5.5/toolbox:latest vim-data-common-9.1.1406-150500.20.27.1 as a component of Container suse/sle-micro/5.5/toolbox:latest vim-data-common-9.1.1406-150500.20.27.1 as a component of Container suse/sle-micro/5.5:latest vim-small-9.1.1406-150500.20.27.1 as a component of Container suse/sle-micro/5.5:latest vim-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS vim-data-common-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS vim-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS-Production vim-data-common-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS-Production vim-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS vim-data-common-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS vim-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production vim-data-common-9.1.1406-150500.20.27.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Micro 5.5 vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Micro 5.5 vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS gvim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 vim-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 vim-data-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 vim-data-common-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 vim-small-9.1.1406-150500.20.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 gvim-9.1.1406-150500.20.27.1 as a component of openSUSE Leap 15.6 vim-9.1.1406-150500.20.27.1 as a component of openSUSE Leap 15.6 vim-data-9.1.1406-150500.20.27.1 as a component of openSUSE Leap 15.6 vim-data-common-9.1.1406-150500.20.27.1 as a component of openSUSE Leap 15.6 vim-small-9.1.1406-150500.20.27.1 as a component of openSUSE Leap 15.6 Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648. CVE-2024-41965 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5/toolbox:latest:vim-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5/toolbox:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5:latest:vim-small-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:gvim-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-data-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-data-common-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-small-9.1.1406-150500.20.27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502226-1/ https://www.suse.com/security/cve/CVE-2024-41965.html CVE-2024-41965 https://bugzilla.suse.com/1228776 SUSE Bug 1228776 Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198. CVE-2025-29768 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:vim-small-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5/toolbox:latest:vim-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5/toolbox:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5:latest:vim-data-common-9.1.1406-150500.20.27.1 Container suse/sle-micro/5.5:latest:vim-small-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:vim-data-common-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:vim-9.1.1406-150500.20.27.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.1.1406-150500.20.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:gvim-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-data-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-data-common-9.1.1406-150500.20.27.1 openSUSE Leap 15.6:vim-small-9.1.1406-150500.20.27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502226-1/ https://www.suse.com/security/cve/CVE-2025-29768.html CVE-2025-29768 https://bugzilla.suse.com/1239602 SUSE Bug 1239602