Bug 33911 - vim new security issue CVE-2025-22134
Summary: vim new security issue CVE-2025-22134
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-01-13 09:29 CET by Nicolas Salguero
Modified: 2025-01-18 19:01 CET (History)
3 users (show)

See Also:
Source RPM: vim-9.1.771-1.mga9.src.rpm
CVE: CVE-2025-22134
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-01-13 09:29:57 CET 
CVE-2025-22134 was announced here:
https://openwall.com/lists/oss-security/2025/01/11/1
Nicolas Salguero 2025-01-13 10:44:12 CET

CVE: (none) => CVE-2025-22134
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => vim-9.1.771-2.mga10.src.rpm, vim-9.1.771-1.mga9.src.rpm

Nicolas Salguero 2025-01-13 10:44:32 CET

Status comment: (none) => Fixed upstream in 9.1.1003

Comment 1 Nicolas Salguero 2025-01-13 12:24:00 CET 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Heap-buffer-overflow with visual mode in Vim < 9.1.1003. (CVE-2025-22134)

References:
https://openwall.com/lists/oss-security/2025/01/11/1
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.1.1012-1.mga9
vim-common-9.1.1012-1.mga9
vim-enhanced-9.1.1012-1.mga9
vim-minimal-9.1.1012-1.mga9

from SRPM:
vim-9.1.1012-1.mga9.src.rpm

Status comment: Fixed upstream in 9.1.1003 => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Source RPM: vim-9.1.771-2.mga10.src.rpm, vim-9.1.771-1.mga9.src.rpm => vim-9.1.771-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs

katnatek 2025-01-13 17:56:13 CET

Keywords: (none) => advisory

Comment 2 katnatek 2025-01-14 17:13:28 CET 
Something is rotten the packages still not arrive to testing and https://pkgsubmit.mageia.org/ shows "partial" as status, The mirror status show 2025-01-10 as last update and the packages are of 2025-01-14

Lack of space again ?

Keywords: (none) => feedback
CC: (none) => sysadmin-bugs

Comment 3 katnatek 2025-01-14 17:15:14 CET 
(In reply to katnatek from comment #2)
> Something is rotten the packages still not arrive to testing and
> https://pkgsubmit.mageia.org/ shows "partial" as status, The mirror status
> show 2025-01-10 as last update and the packages are of 2025-01-14
I mean 2025-01-13
Comment 4 Morgan Leijström 2025-01-14 20:25:37 CET 
At least packages are in
http://mirror.accum.se/mirror/mageia/distrib/9/x86_64/media/core/updates_testing/

CC: (none) => fri

Comment 5 katnatek 2025-01-14 20:42:58 CET 
(In reply to Morgan Leijström from comment #4)
> At least packages are in
> http://mirror.accum.se/mirror/mageia/distrib/9/x86_64/media/core/
> updates_testing/

Looks like mirrors start to update again

RH x86_64

I test the POC file and command and vim freeza after that

installing vim-X11-9.1.1012-1.mga9.x86_64.rpm vim-common-9.1.1012-1.mga9.x86_64.rpm vim-minimal-9.1.1012-1.mga9.x86_64.rpm vim-enhanced-9.1.1012-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: vim-common            ##################################################################################################
      2/4: vim-X11               ##################################################################################################
      3/4: vim-enhanced          ##################################################################################################
      4/4: vim-minimal           ##################################################################################################
      1/4: removing vim-enhanced-9.1.771-1.mga9.x86_64
                                 ##################################################################################################
      2/4: removing vim-X11-9.1.771-1.mga9.x86_64
                                 ##################################################################################################
      3/4: removing vim-common-9.1.771-1.mga9.x86_64
                                 ##################################################################################################
      4/4: removing vim-minimal-9.1.771-1.mga9.x86_64
                                 ##################################################################################################

Still the same with the POC
Edit files, close and reopen the files edited, the changes persist
Load the files with Gvim, OK

OK with exception of the POC test
Let to others decide if should be validated
katnatek 2025-01-14 21:26:46 CET

CC: sysadmin-bugs => (none)

Comment 6 Nicolas Salguero 2025-01-15 10:01:55 CET 
(In reply to katnatek from comment #5)
> Still the same with the POC
> Edit files, close and reopen the files edited, the changes persist
> Load the files with Gvim, OK
> 
> OK with exception of the POC test
> Let to others decide if should be validated

Hi,

I was not able to find the POC.  Where did you find it, please?

Best regards,
Comment 7 katnatek 2025-01-15 16:54:18 CET 
(In reply to Nicolas Salguero from comment #6)
> Hi,
> 
> I was not able to find the POC.  Where did you find it, please?
> 
> Best regards,

https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8

If you click on Details, you will find a link to the POC file and the suggested command to make the test
Comment 8 Len Lawrence 2025-01-18 12:27:14 CET 
$ vim -u NONE -i NONE -n -m -X -Z -e -s -S ./vim_hbo_1272 -c ':qa!'
o
      8 -¹ð
Stuck at this point.
Had to remove the terminal.

After updating:
$  vim -u NONE -i NONE -n -m -X -Z -e -s -S ./vim_hbo_1272 -c ':qa!'
$

So the PoC succeeds.

CC: (none) => tarazed25

Comment 9 Morgan Leijström 2025-01-18 14:11:08 CET 
Thank you Len :)
Validating.

Keywords: feedback => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2025-01-18 19:01:13 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0014.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.