That issue was announced here: https://www.openwall.com/lists/oss-security/2024/05/10/1 The problem is fixed in version 9.1.0404. Mageia 9 is also affected.
Source RPM: (none) => vim-9.1.111-2.mga10.src.rpmWhiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 9.1.404
Suggested advisory: ======================== The updated packages fix a security vulnerability: Buffer-overlow in xxd with colored output. References: https://www.openwall.com/lists/oss-security/2024/05/10/1 ======================== Updated packages in core/updates_testing: ======================== vim-X11-9.1.411-1.mga9 vim-common-9.1.411-1.mga9 vim-enhanced-9.1.411-1.mga9 vim-minimal-9.1.411-1.mga9 from SRPM: vim-9.1.411-1.mga9.src.rpm
Version: Cauldron => 9Status comment: Fixed upstream in 9.1.404 => (none)Source RPM: vim-9.1.111-2.mga10.src.rpm => vim-9.1.111-1.mga9.src.rpmWhiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugs
Keywords: (none) => advisory
Following links until upstream I run the supposedly problematic command with current packages rpm -qa|grep vim vim-common-9.1.111-1.mga9 vim-enhanced-9.1.111-1.mga9 vim-X11-9.1.111-1.mga9 vim-minimal-9.1.111-1.mga9 But I not get crash, this is the second time I can't reproduce the upstream fail and that bothered me I do more test after receive some feedback
CC: (none) => andrewsfarmKeywords: (none) => feedback
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing vim-X11-9.1.411-1.mga9.x86_64.rpm vim-minimal-9.1.411-1.mga9.x86_64.rpm vim-enhanced-9.1.411-1.mga9.x86_64.rpm vim-common-9.1.411-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/4: vim-common ################################################################################################## 2/4: vim-X11 ################################################################################################## 3/4: vim-enhanced ################################################################################################## 4/4: vim-minimal ################################################################################################## 1/4: removing vim-enhanced-9.1.111-1.mga9.x86_64 ################################################################################################## 2/4: removing vim-X11-9.1.111-1.mga9.x86_64 ################################################################################################## 3/4: removing vim-common-9.1.111-1.mga9.x86_64 ################################################################################################## 4/4: removing vim-minimal-9.1.111-1.mga9.x86_64 ################################################################################################## Reading more about the CVE I understand the crash just happen if you run the application with AddressSanitizer Updated without issues, read , modify , close and read again a test file works without issues Give OK
Whiteboard: (none) => MGA9-64-OKKeywords: feedback => (none)
Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0188.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED