Bug 32455

Summary: vim new security issue
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, herman.viaene, marja11, nicolas.salguero, sysadmin-bugs, tarazed25
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8TOO MGA9-64-OK MGA8-64-OK
Source RPM: vim-9.0.2059-1.mga9.src.rpm CVE:
Status comment:

Description Nicolas Salguero 2023-10-27 12:51:25 CEST 
The problem was announced here:
https://www.openwall.com/lists/oss-security/2023/10/26/1

Mageia 8 and 9 are also affected.
Nicolas Salguero 2023-10-27 12:51:59 CEST

Status comment: (none) => Fixed upstream in 9.0.2068
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA9TOO, MGA8TOO
Source RPM: (none) => vim-9.0.2059-1.mga9.src.rpm

Comment 1 Marja Van Waes 2023-10-29 13:54:08 CET 
Assigning to the registered vim maintainer

Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11

Comment 2 Nicolas Salguero 2023-11-03 14:00:30 CET 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Integer overflow in :history Ex-Command in Vim < 9.0.2068.

References:
https://www.openwall.com/lists/oss-security/2023/10/26/1
========================

Updated packages in {8|9}/core/updates_testing:
========================
vim-X11-9.0.2087-1.mga{8|9}
vim-common-9.0.2087-1.mga{8|9}
vim-enhanced-9.0.2087-1.mga{8|9}
vim-minimal-9.0.2087-1.mga{8|9}

from SRPM:
vim-9.0.2087-1.mga{8|9}.src.rpm

Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 9.0.2068 => (none)
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Status: NEW => ASSIGNED
Version: Cauldron => 9

Comment 3 Marja Van Waes 2023-11-03 15:22:50 CET 
I understand this is the matching CVE:
https://www.cvedetails.com/cve/CVE-2023-46246/

Advisory from comment x added to SVN, with the addition of CVE-2023-46246.

Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"

Keywords: (none) => advisory

Comment 4 Len Lawrence 2023-11-06 01:47:53 CET 
Mageia9, x64

Tinkered with vim to start with, setting very large values on the history command, e.g:
:history 99999
without anything untoward happening.

Updated and set history to different values.  vim continued to work.
Used the command
$ vim bindoc* edoc*
to edit 6 files.

Using :next! advanced to the next file when no edit was performed.
The sequence 
:w
:next
Moved to the next file after an edit
and so on.

Working as expected.

Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
CC: (none) => tarazed25

Comment 5 Herman Viaene 2023-11-09 16:24:27 CET 
MGA8-64 Xfce on Acer 5253
No installation issues.
Tinkered on plain text file wit commands a, i, dd, x, :w and :q
Checked changes with pluma, all OK.

CC: (none) => herman.viaene
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA9-64-OK MGA8-64-OK

Comment 6 Thomas Andrews 2023-11-09 21:13:40 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 7 Mageia Robot 2023-11-10 01:39:26 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0314.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED