Fedora has issued an advisory yesterday (September 6): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/ The issues are fixed upstream in 9.0.1872. Mageia 8 and 9 are also affected.
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733) Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750) Use After Free in GitHub repository vim/vim prior to 9.0.1858. (CVE-2023-4752) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4750 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4752 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/ ======================== Updated packages in {8|9}/core/updates_testing: ======================== vim-X11-9.0.1882-1.mga{8|9} vim-common-9.0.1882-1.mga{8|9} vim-enhanced-9.0.1882-1.mga{8|9} vim-minimal-9.0.1882-1.mga{8|9} from SRPM: vim-9.0.1882-1.mga{8|9}.src.rpm
Version: Cauldron => 9Status: NEW => ASSIGNEDWhiteboard: (none) => MGA8TOOSource RPM: (none) => vim-9.0.1572-1.mga9.src.rpmAssignee: bugsquad => qa-bugsCC: (none) => nicolas.salguero
Mageia8, x86_64 Before updating: Obtained the poc files from github but did not expect much help from them because they are supposed to be run against an asan compiled version of vim. $ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf1 -c :qa! Final line of report shows: ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0) $ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf2 -c :qa! ERROR SUMMARY: 396 errors from 63 contexts (suppressed: 0 from 0) $ valgrind --leak-check=full --show-leak-kinds=all -s vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_huaf3 -c :qa! ERROR SUMMARY: 198 errors from 63 contexts (suppressed: 0 from 0) After updating the valgrind reports for poc 1, 2, 3: ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0) ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0) ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0) Difficult to know what to make of that but in general there seem to be fewer errors. Ran vim for a local text file in insertion and overwite modes and exercised the simpler commands including searches and whole line deletion and replacement (dd and pp) and investigated the extensive onboard help system. Used some tags to navigate the documentation. No regressions were apparent. Edited three files in a list on the command line and used the :next command to shift from one to the other. Edited only the third one and finished with :wq. Only the last one was actually written to disk because the others were not changed. All good. This is a huge subject. These quick tests shall have to do.
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OKCC: (none) => tarazed25
Mageia 9, x86_64 Installed the packages and used vim for some days. No regression found. Ulrich
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OKCC: (none) => bequimao.de
Validating. Advisory in comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0269.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
This update also fixed CVE-2023-4734, CVE-2023-4735, CVE-2023-4738 and CVE-2023-4781.
(In reply to Mageia Robot from comment #5) > An update for this issue has been pushed to the Mageia Updates repository. > > https://advisories.mageia.org/MGASA-2023-0269.html https://basketrandom.io Great updates.
CC: (none) => setid35258
CC: setid35258 => (none)