32455 – vim new security issue

Bug 32455 - vim new security issue

Summary: vim new security issue

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8TOO MGA9-64-OK MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2023-10-27 12:51 CEST by Nicolas Salguero
Modified:	2023-11-10 01:39 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	vim-9.0.2059-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2023-10-27 12:51:25 CEST

The problem was announced here:
https://www.openwall.com/lists/oss-security/2023/10/26/1

Mageia 8 and 9 are also affected.

Nicolas Salguero 2023-10-27 12:51:59 CEST

Status comment: (none) => Fixed upstream in 9.0.2068
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA9TOO, MGA8TOO
Source RPM: (none) => vim-9.0.2059-1.mga9.src.rpm

Comment 1 Marja Van Waes 2023-10-29 13:54:08 CET

Assigning to the registered vim maintainer

Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11

Comment 2 Nicolas Salguero 2023-11-03 14:00:30 CET

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Integer overflow in :history Ex-Command in Vim < 9.0.2068.

References:
https://www.openwall.com/lists/oss-security/2023/10/26/1
========================

Updated packages in {8|9}/core/updates_testing:
========================
vim-X11-9.0.2087-1.mga{8|9}
vim-common-9.0.2087-1.mga{8|9}
vim-enhanced-9.0.2087-1.mga{8|9}
vim-minimal-9.0.2087-1.mga{8|9}

from SRPM:
vim-9.0.2087-1.mga{8|9}.src.rpm

Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 9.0.2068 => (none)
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Status: NEW => ASSIGNED
Version: Cauldron => 9

Comment 3 Marja Van Waes 2023-11-03 15:22:50 CET

I understand this is the matching CVE:
https://www.cvedetails.com/cve/CVE-2023-46246/

Advisory from comment x added to SVN, with the addition of CVE-2023-46246.

Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"

Keywords: (none) => advisory

Comment 4 Len Lawrence 2023-11-06 01:47:53 CET

Mageia9, x64

Tinkered with vim to start with, setting very large values on the history command, e.g:
:history 99999
without anything untoward happening.

Updated and set history to different values.  vim continued to work.
Used the command
$ vim bindoc* edoc*
to edit 6 files.

Using :next! advanced to the next file when no edit was performed.
The sequence 
:w
:next
Moved to the next file after an edit
and so on.

Working as expected.

Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
CC: (none) => tarazed25

Comment 5 Herman Viaene 2023-11-09 16:24:27 CET

MGA8-64 Xfce on Acer 5253
No installation issues.
Tinkered on plain text file wit commands a, i, dd, x, :w and :q
Checked changes with pluma, all OK.

CC: (none) => herman.viaene
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA9-64-OK MGA8-64-OK

Comment 6 Thomas Andrews 2023-11-09 21:13:40 CET

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 7 Mageia Robot 2023-11-10 01:39:26 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0314.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.