Bug 32261 - vim new security issues CVE-2023-4733, CVE-2023-4752, CVE-2023-4750
Summary: vim new security issues CVE-2023-4733, CVE-2023-4752, CVE-2023-4750
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8TOO MGA8-64-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-09-07 15:47 CEST by Nicolas Salguero
Modified: 2024-04-17 04:15 CEST
CC: 6 users

See Also:
Source RPM: vim-9.0.1572-1.mga9.src.rpm
Status comment:


Description Nicolas Salguero 2023-09-07 15:47:13 CEST
Fedora issued an advisory yesterday (September 6):

The issues are fixed upstream in 9.0.1872.

Mageia 8 and 9 are also affected.
Comment 1 Nicolas Salguero 2023-09-07 16:50:43 CEST
Suggested advisory:

The updated packages fix security vulnerabilities:

Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733)

Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)

Use After Free in GitHub repository vim/vim prior to 9.0.1858. (CVE-2023-4752)


Updated packages in {8|9}/core/updates_testing:

from SRPM:

Version: Cauldron => 9
Whiteboard: (none) => MGA8TOO
Source RPM: (none) => vim-9.0.1572-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
CC: (none) => nicolas.salguero

Comment 2 Len Lawrence 2023-09-08 18:39:35 CEST
Mageia8, x86_64

Before updating:
Obtained the PoC files from GitHub but did not expect much help from them
because they are supposed to be run against an ASan-compiled version of vim.

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf1 -c :qa!
Final line of report shows:
ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf2 -c :qa!

ERROR SUMMARY: 396 errors from 63 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf3 -c :qa!

ERROR SUMMARY: 198 errors from 63 contexts (suppressed: 0 from 0)

After updating the valgrind reports for poc 1, 2, 3:
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)

Difficult to know what to make of that but in general there seem to be fewer

Ran vim on a local text file in insert and overwrite modes and exercised
the simpler commands, including searches and whole-line deletion and
replacement (dd and pp), and investigated the extensive onboard help system.
Used some tags to navigate the documentation.  No regressions were apparent.
Edited three files in a list on the command line and used the :next command
to shift from one to the other.  Edited only the third one and finished with
:wq.  Only the last one was actually written to disk because the others were
not changed.  All good.

This is a huge subject.  These quick tests shall have to do.

Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => tarazed25
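The before/after comparison in comment 2 is easy to automate. The script below is an added example written for this page, not the tester's own commands or anything shipped by Mageia or vim: it re-runs each PoC under valgrind with the same vim flags used above, pulls the count out of the ERROR SUMMARY line, and separately counts "Invalid read/write" reports, which are the signature of a use-after-free or out-of-bounds access (leak reports, which dominate the totals quoted in comment 2, are not). It assumes vim and valgrind are on PATH and that the PoC files are named poc_huaf1 to poc_huaf3 in the current directory, as in comment 2; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug report): run vim's PoC files under
# valgrind and summarise the results, mirroring comment 2.
# Assumptions: vim and valgrind are on PATH; PoC files are named
# poc_huaf1..poc_huaf3 in the current directory (names from comment 2).

# Read valgrind output on stdin and print the number from its final
# "ERROR SUMMARY: N errors from M contexts" line (empty if absent).
valgrind_error_count() {
    sed -n 's/.*ERROR SUMMARY: \([0-9][0-9]*\) errors.*/\1/p' | tail -n 1
}

# Read valgrind output on stdin and count "Invalid read"/"Invalid write"
# reports. Unlike the ERROR SUMMARY total, this excludes leak records,
# so a drop here after the update is the number that matters for a UAF.
invalid_access_count() {
    grep -c -E 'Invalid (read|write) of size' || true
}

# Run one PoC under valgrind with the same vim flags as comment 2 and
# print "<errors> <invalid-accesses>". Prints "n/a n/a" when vim or
# valgrind is not installed, so the script can be sourced anywhere.
run_poc() {
    poc="$1"
    if ! command -v valgrind >/dev/null 2>&1 || ! command -v vim >/dev/null 2>&1; then
        echo "n/a n/a"
        return 0
    fi
    log=$(valgrind --leak-check=full --show-leak-kinds=all -s \
        vim -u NONE -i NONE -n -m -X -Z -e -s -S "$poc" -c ':qa!' 2>&1 </dev/null)
    errors=$(printf '%s\n' "$log" | valgrind_error_count)
    invalid=$(printf '%s\n' "$log" | invalid_access_count)
    echo "${errors:-0} ${invalid:-0}"
}

# Top level: report one line per PoC that exists, e.g. before and after
# installing the update, then compare the two runs by hand.
for poc in poc_huaf1 poc_huaf2 poc_huaf3; do
    [ -f "$poc" ] || continue
    printf '%s: %s (errors invalid-accesses)\n' "$poc" "$(run_poc "$poc")"
done
```

Run it once on the old package and once on the updated one and compare the second column: the ERROR SUMMARY totals quoted in comment 2 mix leak records with real invalid accesses, so a count that merely drops from 396 to 5 says little, while an invalid-access count that goes to zero is direct evidence the UAF no longer triggers. A build with optimisation and without debug symbols can still hide an access that ASan would catch, which is why the PoCs were written for an ASan build in the first place.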

Comment 3 Ulrich Beckmann 2023-09-20 16:01:21 CEST
Mageia 9, x86_64

Installed the packages and used vim for some days.
No regression found.


Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
CC: (none) => bequimao.de

Comment 4 Thomas Andrews 2023-09-21 04:12:05 CEST
Validating. Advisory in comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-09-22 02:25:48 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2023-09-27 18:33:40 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Comment 6 Nicolas Salguero 2023-10-09 16:17:59 CEST
This update also fixed CVE-2023-4734, CVE-2023-4735, CVE-2023-4738 and CVE-2023-4781.
Comment 7 Freddie Conley 2024-04-17 03:30:17 CEST Comment hidden (spam)

CC: (none) => setid35258

Dave Hodgins 2024-04-17 04:15:22 CEST

CC: setid35258 => (none)
