Bug 31490 - vim new security issues CVE-2022-47024 and CVE-2023-0433
Summary: vim new security issues CVE-2022-47024 and CVE-2023-0433
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-02-01 17:14 CET by David Walser
Modified: 2023-03-16 18:00 CET (History)
7 users (show)

See Also:
Source RPM: vim-9.0.1221-1.mga8.src.rpm
CVE: CVE-2022-47024, CVE-2023-0433
Status comment:


Attachments

Description David Walser 2023-02-01 17:14:49 CET
Ubuntu has issued an advisory today (February 1):
https://ubuntu.com/security/notices/USN-5836-1

The issue is fixed upstream in 9.0.1225.

Mageia 8 is also affected.
David Walser 2023-02-01 17:15:01 CET

Status comment: (none) => Fixed upstream in 9.0.1225
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2023-02-01 18:24:59 CET
openSUSE has issued an advisory for this on January 30:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YTSMWBSYCUOQ5M745FWM6JT2JSX5KYBG/
Comment 2 Marja Van Waes 2023-02-04 22:28:16 CET
Assigning to our registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => thierry.vignaud

Comment 3 David Walser 2023-02-13 18:17:56 CET
Fedora has issued an advisory today (February 13):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/

It fixes a new issue that is fixed upstream in 9.0.1292.

Mageia 8 is also affected.

Status comment: Fixed upstream in 9.0.1225 => Fixed upstream in 9.0.1292
Summary: vim new security issue CVE-2023-0433 => vim new security issues CVE-2022-47024 and CVE-2023-0433
Severity: normal => major

Comment 4 Nicolas Salguero 2023-02-27 15:49:33 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. (CVE-2022-47024)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. (CVE-2023-0433)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0433
https://ubuntu.com/security/notices/USN-5836-1
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YTSMWBSYCUOQ5M745FWM6JT2JSX5KYBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.0.1314-1.mga8
vim-common-9.0.1314-1.mga8
vim-enhanced-9.0.1314-1.mga8
vim-minimal-9.0.1314-1.mga8

from SRPM:
vim-9.0.1314-1.mga8.src.rpm

Version: Cauldron => 8
Status comment: Fixed upstream in 9.0.1292 => (none)
Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
CVE: (none) => CVE-2022-47024, CVE-2023-0433

Comment 5 Herman Viaene 2023-03-01 10:38:47 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Created new txt file by
$ vi pruts.txt
Added, inserted,deleted characters and complete lines, saved and reopened the file several times in between the operations, all wal aboard.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 6 Len Lawrence 2023-03-01 11:16:14 CET
Midair collision here!

mga8, x64

Updated the packages and put vim through its paces in normal (default) mode using a simple range of commands, switching between modes insertion and command, accessing onboard help, exit without saving changes....

Checked the man pages.
Tried the graphical version using
$ gvim gview
and that worked fine as well, saving current file as gview if no file has been specified.  Files can be opened from the menu and edited OK.

$ view
starts vim in readonly mode, which is not particularly useful.

Easy mode is started with
$ vim -y 
starts vim in easy mode, that is insert mode where the user can no longer use Esc to switch modes or anything ele.  Ctrl-q allows exit with a choice of saving current work or not.

Everything seems to work as before.

CC: (none) => tarazed25

Comment 7 Thomas Andrews 2023-03-01 17:23:40 CET
Validating. Advisory in comment 4.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-03-01 17:45:48 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2023-03-01 22:15:56 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0075.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 9 David Walser 2023-03-16 18:00:30 CET
This update also fixed CVE-2023-0512:
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014068.html

Note You need to log in before you can comment on or make changes to this bug.