Bug 31766 - vim new security issue fixed upstream in 9.0.1440
Summary: vim new security issue fixed upstream in 9.0.1440
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-04-06 01:24 CEST by David Walser
Modified: 2023-04-11 21:03 CEST (History)
5 users (show)

See Also:
Source RPM: vim-9.0.1411-1.mga8.src.rpm
Status comment:


Description David Walser 2023-04-06 01:24:55 CEST
I got a heads up on IRC about a security issue fixed upstream in vim:
"code exec through rvim"

So we'll need to update it again soon (latest is currently 9.0.1441).

I assume a CVE will be assigned at some point (especially since it seems like most vim commits get CVEs lately).
David Walser 2023-04-06 01:25:04 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Salguero 2023-04-06 10:57:47 CEST
Suggested advisory:

The updated packages fix a security vulnerability:

"rvim" can execute a shell through :diffpatch.


Updated packages in core/updates_testing:

from SRPM:

Whiteboard: MGA8TOO => (none)
Assignee: bugsquad => qa-bugs
Source RPM: vim-9.0.1411-1.mga9.src.rpm => vim-9.0.1411-1.mga8.src.rpm
CC: (none) => nicolas.salguero
Version: Cauldron => 8

Comment 2 Len Lawrence 2023-04-08 17:22:52 CEST
Mageia8, x86_64

Sidestepped the business of executing a shell via :diffpatch.  Not my territory.
The point about rvim is that it involves usage restrictions like not being able to start a shell.
Updated the packages and tested vim much as in bug 31637 and found no regressions.

vim opens a file with the cursor positioned at the last position it occupied if previously edited with vim.  `vim -r` lists all swap files in current directory and various tmp directories.

A previous session may be recovered using
$ vim -r <filename>
$ vim -r kernel
Using swap file ".kernel.swp"
Original file "~/text/kernel"
Recovery completed. Buffer contents equals file contents.
You may want to delete the .swp file now.

Press ENTER or type command to continue
That worked but the .kernel.swp file in the current directory had not changed, so the swap file must be removed before closing the current edit.

$ex <file>
works.  A search with the / command returns the first match and 'visual' switches to normal mode.  Useful perhaps for checking contents of files without revealing everything.

$ vimdiff kernel kernel.106
2 files to edit
This showed the differences between two files side by side (up to 8 is possible).  `vim -d files...` is the same thing.

$ gvim <file>
displays the file in a gui panel which responds to the mouse for positioning.

evim does not seem to be available (easy mode) but `vim -y` does the same thing but does not seem to be very useful because there is no way apparent to exit.

No regressions as far as can be seen.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 3 Thomas Andrews 2023-04-09 14:41:01 CEST
Validating. Advisory in comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-04-11 00:58:13 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2023-04-11 21:03:57 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.