Bug 26380 - vim new security issue CVE-2019-20079
Summary: vim new security issue CVE-2019-20079
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2020-03-24 23:50 CET by David Walser
Modified: 2020-04-01 03:58 CEST (History)
6 users (show)

See Also:
Source RPM: vim-8.1.1048-1.1.mga7.src.rpm
Status comment: Fixed upstream in 8.1.2136


Description David Walser 2020-03-24 23:50:20 CET
Ubuntu has issued an advisory on March 23:

The issue is fixed upstream in 8.1.2136.
David Walser 2020-03-24 23:50:46 CET

CC: (none) => mrambo
Status comment: (none) => Fixed upstream in 8.1.2136
Assignee: bugsquad => thierry.vignaud

Comment 1 Mike Rambo 2020-03-26 18:00:15 CET
Updated package uploaded for Mageia 7.


Updated vim package fixes security vulnerability:

It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory (CVE-2019-20079).


Updated packages in core/updates_testing:

from vim-8.1.2136-1.mga7.src.rpm

Assignee: thierry.vignaud => qa-bugs

Comment 2 Herman Viaene 2020-03-27 10:10:49 CET
MGA7-64 Plasma on Lenovo B50
No installation issues
Tested by creating a new file and exercising the a, i, :w, :q , x and dd commands
$ vim-enhanced testvim.txt
$ more testvim.txt
Een lijntje met rommel
En nog wat er bij.

$ vim-minimal testvim.txt 
$ more testvim.txt
Een lijntje met rommel
Nog eentje ertusschen.
bybyobobboobbb ! g  !è !! ooè!o!è
En nog wat er bij.
Nog wat erna.

$ vim-minimal testvim.txt 
$ more testvim.txt
Een lijntje met rommel
Nog eentje ertussen.
En nog wat er bij.
Nog wat erna.

I don't remember any other vi commands and I don't want to load my memory capacity with them.
All looks OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 3 Len Lawrence 2020-03-27 11:36:00 CET
Beat me to it again Herman.  Had been reading the documentation on autocmd. 
Since that is the area where the trouble lay it seemed worth testing.

Lifted an autocmd example from the documentation and dumped it to a local .vimrc.
:augroup gzip
  :  autocmd!
  :  autocmd BufReadPre,FileReadPre	*.gz set bin
  :  autocmd BufReadPost,FileReadPost	*.gz '[,']!gunzip
  :  autocmd BufReadPost,FileReadPost	*.gz set nobin
  :  autocmd BufReadPost,FileReadPost	*.gz execute ":doautocmd BufReadPost " . expand("%:r")
  :  autocmd BufWritePost,FileWritePost	*.gz !mv <afile> <afile>:r
  :  autocmd BufWritePost,FileWritePost	*.gz !gzip <afile>:r

  :  autocmd FileAppendPre		*.gz !gunzip <afile>
  :  autocmd FileAppendPre		*.gz !mv <afile>:r <afile>
  :  autocmd FileAppendPost		*.gz !mv <afile> <afile>:r
  :  autocmd FileAppendPost		*.gz !gzip <afile>:r
  :augroup END

Updated the four packages for mga7, x86_64.  Created a small text file in tmp.

$ gzip tmp/test.txt
$ ll
-rw-r--r-- 1 lcl lcl       155 Mar 27 10:21 test.txt.gz
$ vim tmp/test.txt.gz
<That worked - the text showed up in the buffer>
<Added a few lines and saved it>
$ ll tmp/test.txt.gz
-rw-r--r-- 1 lcl lcl 206 Mar 27 10:26 tmp/test.txt.gz
$ cd tmp
$ gunzip test.txt.gz
$ cat test.txt
|                                        |
|  Twas brillig and the slithy toves     |
|  Did gyre and and gimble in the wabe.  |
|  All mimsy were the borogoves          |
|  And the mome raths outgrabe.          |
|                                        |

The Hunting of the Jabberwock
Lewis Carroll
aka the Reverend Charles Dodgson

The attribution was added in the vim session, so the autocmd function works, if I understand the documentation.  Reinforcing Herman's OK.

CC: (none) => tarazed25

Comment 4 Thomas Andrews 2020-03-27 22:27:22 CET
Tag-teaming them now, eh? Great!

Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2020-03-31 23:43:10 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-04-01 03:58:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.