Bug 32261

Summary: vim new security issues CVE-2023-4733, CVE-2023-4752, CVE-2023-4750
Product: Mageia
Reporter: Nicolas Salguero <nicolas.salguero>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: andrewsfarm, bequimao.de, davidwhodgins, nicolas.salguero, sysadmin-bugs, tarazed25
Version: 9
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8TOO MGA8-64-OK MGA9-64-OK
Source RPM: vim-9.0.1572-1.mga9.src.rpm
CVE:
Status comment:

Description Nicolas Salguero 2023-09-07 15:47:13 CEST
Fedora issued an advisory yesterday (September 6):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/

The issues are fixed upstream in 9.0.1872.

Mageia 8 and 9 are also affected.
Comment 1 Nicolas Salguero 2023-09-07 16:50:43 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733)

Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)

Use After Free in GitHub repository vim/vim prior to 9.0.1858. (CVE-2023-4752)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4752
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
========================

Updated packages in {8|9}/core/updates_testing:
========================
vim-X11-9.0.1882-1.mga{8|9}
vim-common-9.0.1882-1.mga{8|9}
vim-enhanced-9.0.1882-1.mga{8|9}
vim-minimal-9.0.1882-1.mga{8|9}

from SRPM:
vim-9.0.1882-1.mga{8|9}.src.rpm

Version: Cauldron => 9
Status: NEW => ASSIGNED
Whiteboard: (none) => MGA8TOO
Source RPM: (none) => vim-9.0.1572-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
CC: (none) => nicolas.salguero

Comment 2 Len Lawrence 2023-09-08 18:39:35 CEST
Mageia8, x86_64

Before updating:
Obtained the poc files from github but did not expect much help from them
because they are supposed to be run against an asan compiled version of vim.

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf1 -c :qa!
Final line of report shows:
ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf2 -c :qa!

ERROR SUMMARY: 396 errors from 63 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf3 -c :qa!

ERROR SUMMARY: 198 errors from 63 contexts (suppressed: 0 from 0)

After updating the valgrind reports for poc 1, 2, 3:
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)

Difficult to know what to make of that but in general there seem to be fewer
errors.

Ran vim for a local text file in insertion and overwrite modes and exercised
the simpler commands including searches and whole line deletion and
replacement (dd and pp) and investigated the extensive onboard help system.
Used some tags to navigate the documentation.  No regressions were apparent.
Edited three files in a list on the command line and used the :next command
to shift from one to the other.  Edited only the third one and finished with
:wq.  Only the last one was actually written to disk because the others were
not changed.  All good.

This is a huge subject.  These quick tests shall have to do.

Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => tarazed25
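The before/after valgrind comparison from comment 2, made repeatable as a small script. This is an added example, not part of the bug report or of the vim or Mageia projects: it assumes the poc_huaf1..3 files are in the current directory and that valgrind and vim are on PATH, reuses the exact command line from comment 2, and adds a no-PoC baseline run (an assumption of this example, not something the comment does) so that errors unrelated to the PoC can be subtracted from each count. The valgrind output embedded below is constructed for the self-test.

```python
"""Added example (not from the Mageia bug report): reduce before/after
valgrind runs of the vim PoC files to a per-PoC error-count report.

Assumptions: poc_huaf1..3 are in the current directory, a valgrind-capable
vim is on PATH, and a baseline run without any -S script approximates the
errors valgrind reports for vim itself (an assumption of this example).
"""
import json
import re
import subprocess

# Final line of every valgrind run, as quoted in comment 2 of the bug.
SUMMARY_RE = re.compile(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")

POCS = ["poc_huaf1", "poc_huaf2", "poc_huaf3"]

# Constructed sample of valgrind stderr, used only by the self-test below.
SAMPLE_OUTPUT = """==1234== HEAP SUMMARY:
==1234==     in use at exit: 0 bytes in 0 blocks
==1234== ERROR SUMMARY: 396 errors from 63 contexts (suppressed: 0 from 0)
"""


def valgrind_cmd(poc=None):
    """Command line from comment 2; poc=None drops -S for the baseline run."""
    cmd = ["valgrind", "--leak-check=full", "--show-leak-kinds=all", "-s",
           "vim", "-u", "NONE", "-i", "NONE", "-n", "-m", "-X", "-Z", "-e", "-s"]
    if poc is not None:
        cmd += ["-S", poc]
    cmd += ["-c", ":qa!"]
    return cmd


def parse_error_summary(output):
    """Return (errors, contexts) from the last ERROR SUMMARY line, or None."""
    hits = SUMMARY_RE.findall(output)
    if not hits:
        return None
    errors, contexts = hits[-1]
    return int(errors), int(contexts)


def run_poc(poc=None, timeout=120):
    """Run one valgrind invocation; the summary is written to stderr."""
    proc = subprocess.run(valgrind_cmd(poc), capture_output=True,
                          text=True, timeout=timeout)
    return parse_error_summary(proc.stderr)


def collect_counts():
    """Error count per PoC plus the no-PoC baseline, for one installed vim."""
    counts = {"baseline": run_poc(None)[0]}
    for poc in POCS:
        counts[poc] = run_poc(poc)[0]
    return counts


def compare_runs(before, after, baseline_before=0, baseline_after=0):
    """Per-PoC delta after subtracting each side's baseline error count.

    "fixed" is only claimed when the PoC-attributable count actually drops;
    a count that stays level or rises is reported as not fixed so the
    tester can look at the individual errors instead of trusting the total.
    """
    report = {}
    for poc in before:
        b = max(before[poc] - baseline_before, 0)
        a = max(after.get(poc, 0) - baseline_after, 0)
        report[poc] = {"before": b, "after": a, "fixed": a < b}
    return report


if __name__ == "__main__":
    # Run once on the old packages and once after updating, saving each
    # JSON blob; then load both and pass them to compare_runs().
    print(json.dumps(collect_counts(), indent=2))
```

Feeding the figures quoted in comment 2 (4, 396 and 198 errors before; 5, 5 and 5 after; no baseline known) to `compare_runs()` marks poc_huaf2 and poc_huaf3 as fixed and leaves poc_huaf1 unresolved, which is consistent with the comment's caution about reading too much into the totals; a baseline of 5 on the updated side would bring all three to zero.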

Comment 3 Ulrich Beckmann 2023-09-20 16:01:21 CEST
Mageia 9, x86_64

Installed the packages and used vim for some days.
No regression found.

Ulrich

Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
CC: (none) => bequimao.de

Comment 4 Thomas Andrews 2023-09-21 04:12:05 CEST
Validating. Advisory in comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-09-22 02:25:48 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2023-09-27 18:33:40 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0269.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 6 Nicolas Salguero 2023-10-09 16:17:59 CEST
This update also fixed CVE-2023-4734, CVE-2023-4735, CVE-2023-4738 and CVE-2023-4781.
Comment 7 Freddie Conley 2024-04-17 03:30:17 CEST Comment hidden (spam)

CC: (none) => setid35258

Dave Hodgins 2024-04-17 04:15:22 CEST

CC: setid35258 => (none)