Bug 33199

Summary: vim < v9.1.0404: buffer-overlow in xxd with colored output
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, sysadmin-bugs
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9-64-OK
Source RPM: vim-9.1.111-1.mga9.src.rpm CVE:
Status comment:

Description Nicolas Salguero 2024-05-13 14:20:58 CEST 
That issue was announced here:
https://www.openwall.com/lists/oss-security/2024/05/10/1

The problem is fixed in version 9.1.0404.

Mageia 9 is also affected.
Nicolas Salguero 2024-05-13 14:21:38 CEST

Source RPM: (none) => vim-9.1.111-2.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 9.1.404

Comment 1 Nicolas Salguero 2024-05-13 14:55:27 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer-overlow in xxd with colored output.

References:
https://www.openwall.com/lists/oss-security/2024/05/10/1
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.1.411-1.mga9
vim-common-9.1.411-1.mga9
vim-enhanced-9.1.411-1.mga9
vim-minimal-9.1.411-1.mga9

from SRPM:
vim-9.1.411-1.mga9.src.rpm

Version: Cauldron => 9
Status comment: Fixed upstream in 9.1.404 => (none)
Source RPM: vim-9.1.111-2.mga10.src.rpm => vim-9.1.111-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

katnatek 2024-05-14 04:00:37 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2024-05-15 03:57:45 CEST 
Following links until upstream I run the supposedly problematic command with current packages

rpm -qa|grep vim
vim-common-9.1.111-1.mga9
vim-enhanced-9.1.111-1.mga9
vim-X11-9.1.111-1.mga9
vim-minimal-9.1.111-1.mga9


But I not get crash, this is the second time I can't reproduce the upstream fail and that bothered me

I do more test after receive some feedback

CC: (none) => andrewsfarm
Keywords: (none) => feedback

Comment 3 katnatek 2024-05-19 20:27:23 CEST 
RH mageia 9 x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing vim-X11-9.1.411-1.mga9.x86_64.rpm vim-minimal-9.1.411-1.mga9.x86_64.rpm vim-enhanced-9.1.411-1.mga9.x86_64.rpm vim-common-9.1.411-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: vim-common            ##################################################################################################
      2/4: vim-X11               ##################################################################################################
      3/4: vim-enhanced          ##################################################################################################
      4/4: vim-minimal           ##################################################################################################
      1/4: removing vim-enhanced-9.1.111-1.mga9.x86_64
                                 ##################################################################################################
      2/4: removing vim-X11-9.1.111-1.mga9.x86_64
                                 ##################################################################################################
      3/4: removing vim-common-9.1.111-1.mga9.x86_64
                                 ##################################################################################################
      4/4: removing vim-minimal-9.1.111-1.mga9.x86_64
                                 ##################################################################################################


Reading more about the CVE I understand the crash just happen if you run the application with AddressSanitizer

Updated without issues, read , modify , close and read again a test file works without issues

Give OK

Whiteboard: (none) => MGA9-64-OK
Keywords: feedback => (none)

Comment 4 Thomas Andrews 2024-05-20 04:32:51 CEST 
Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2024-05-22 01:18:33 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0188.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED