CVE-2025-24014 was announced here: https://www.openwall.com/lists/oss-security/2025/01/20/4
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-24014
Status comment: (none) => Fixed upstream in 9.1.1043
Source RPM: (none) => vim-9.1.1012-1.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix a security vulnerability:

segmentation fault in win_line() in Vim < 9.1.1043. (CVE-2025-24014)

References:
https://www.openwall.com/lists/oss-security/2025/01/20/4
========================

Updated packages in core/updates_testing:
========================

vim-X11-9.1.1043-1.mga9
vim-common-9.1.1043-1.mga9
vim-enhanced-9.1.1043-1.mga9
vim-minimal-9.1.1043-1.mga9

from SRPM:
vim-9.1.1043-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 9.1.1043 => (none)
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
It occurs to me that in the past some vim updates have affected neovim, as well. The last round, a few days ago, did not list neovim, and I just want to be sure we aren't missing something. Does this, or that last update, affect neovim?
CC: (none) => andrewsfarm
RH x86_64

Again there is no difference for me with the PoC, neither with the current nor with the updated packages, and the previous PoC still does the same for me.

installing vim-common-9.1.1043-1.mga9.x86_64.rpm vim-minimal-9.1.1043-1.mga9.x86_64.rpm vim-X11-9.1.1043-1.mga9.x86_64.rpm vim-enhanced-9.1.1043-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: vim-common            ##################################################################################################
      2/4: vim-X11               ##################################################################################################
      3/4: vim-enhanced          ##################################################################################################
      4/4: vim-minimal           ##################################################################################################
      1/4: removing vim-enhanced-9.1.1012-1.mga9.x86_64
                                 ##################################################################################################
      2/4: removing vim-X11-9.1.1012-1.mga9.x86_64
                                 ##################################################################################################
      3/4: removing vim-common-9.1.1012-1.mga9.x86_64
                                 ##################################################################################################
      4/4: removing vim-minimal-9.1.1012-1.mga9.x86_64
                                 ##################################################################################################

Looks good for me in regular use.
Keywords: (none) => advisory
(In reply to Thomas Andrews from comment #2)
> It occurs to me that in the past some vim updates have affected neovim, as
> well. The last round, a few days ago, did not list neovim, and I just want
> to be sure we aren't missing something.
>
> Does this, or that last update, affect neovim?

Thanks for the reminder. As far as I can see, the two latest CVEs that affect vim, including this one, do not affect neovim.
OK, just checking. (Part of my job...)
Len if you could check the poc for this bug, thank you
CC: (none) => tarazed25
Source RPM: vim-9.1.1012-1.mga9.src.rpm => vim-9.1.1012-1.mga9
In reply to katnatek in comment #6:

Sorry I did not comment before; had already had a look at the github link
https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919#diff-ea763fdb2cbd2223b87bfc5dcbc65b0d0b7a9e07c7738d3ff1d136b98dce06fc
and failed to see how to run the check. It looks like the ex_redraw_crash file is a target for func Test_crash1_3() in some file not named. Maybe in vim itself or a test suite? I am not a developer so the references do not make much sense to me.

I did try creating the ex_redraw_crash file then feeding it to vim, which before and after the update says nothing, but I have no confidence in it - the expected reply afterwards might be ":qa!".

$ vim -u NONE -i NONE -n -m -X -Z -e -s -S -c ':qa!' ex_redraw_crash
$
(In reply to Len Lawrence from comment #7)

https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955

In the details, you can also see the command and the link to the test file.
(In reply to katnatek from comment #8) Thanks for the pointer. Best left until the morning.
mga9, x86_64

Before update:
$ rpm -qa | grep vim-
vim-common-9.1.1012-1.mga9
vim-enhanced-9.1.1012-1.mga9
vim-minimal-9.1.1012-1.mga9
vim-X11-9.1.1012-1.mga9

$ valgrind /usr/bin/vim -u NONE -i NONE -n -m -X -Z -e -s -S vim_SEGV1 -c :qa!
==2402484== Memcheck, a memory error detector
==2402484== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2402484== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==2402484== Command: /usr/bin/vim -u NONE -i NONE -n -m -X -Z -e -s -S vim_SEGV1 -c :qa!
==2402484==

There it hangs, presumably forever. Had to remove the terminal - ctrl-C fails to interrupt it.

The upstream test outputs

==3632033== Invalid write of size 1
[...]
Segmentation fault

$ rpm -qa | grep vim-
vim-common-9.1.1043-1.mga9
vim-enhanced-9.1.1043-1.mga9
vim-X11-9.1.1043-1.mga9
vim-minimal-9.1.1043-1.mga9

After the update the result is exactly the same. The terminal hangs with no output at all. No response to ^C but the terminal menu allows another tab to be created, which functions normally. Killed the original from the tab.

So, this result does not tell us anything useful.

Started gkrellm and ran the POC test again and saw no unusual activity, no change in temperatures. Watched htop for a while but could not identify valgrind; I guess it appeared long before and rolled out of view. No other suspicious processes either. Restarted the test but again could not see anything relevant to mate-terminal or valgrind or vim.

vim still works but maybe it is also still vulnerable?
(In reply to Len Lawrence from comment #10)
> vim still works but maybe it is also still vulnerable?

This is a call for you Nicolas
Keywords: (none) => feedback
(In reply to katnatek from comment #11)
> This is a call for you Nicolas

Hi,

As I understand it, the fact that the output does not contain:
"""
Invalid write of size 1
[...]
Segmentation fault
"""
after the update means the security issue is fixed, even though ctrl-C fails to interrupt the process.
@Len if you confirm that the "Segmentation fault" is no longer present, we can validate this.
@katnatek: will do if I can find which system I was running the update on. I have been switching around just lately and have lost my place. Later.
Ahh. This seems to be it.

$ valgrind /usr/bin/vim -u NONE -i NONE -n -m -X -Z -e -s -S vim_SEGV1 -c :qa!
==3080147== Memcheck, a memory error detector
==3080147== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==3080147== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==3080147== Command: /usr/bin/vim -u NONE -i NONE -n -m -X -Z -e -s -S vim_SEGV1 -c :qa!
==3080147==
==3080147==
==3080147== HEAP SUMMARY:
==3080147==     in use at exit: 166,241 bytes in 407 blocks
==3080147==   total heap usage: 1,069 allocs, 662 frees, 281,832 bytes allocated
==3080147==
==3080147== LEAK SUMMARY:
==3080147==    definitely lost: 8,192 bytes in 1 blocks
==3080147==    indirectly lost: 0 bytes in 0 blocks
==3080147==      possibly lost: 87,552 bytes in 4 blocks
==3080147==    still reachable: 70,497 bytes in 402 blocks
==3080147==         suppressed: 0 bytes in 0 blocks
==3080147== Rerun with --leak-check=full to see details of leaked memory
==3080147==
==3080147== For lists of detected and suppressed errors, rerun with: -s
==3080147== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Clean exit, no hang or segfault. It seems odd that the test runs differently this time, but it looks OK.

$ rpm -qa | grep vim
vim-common-9.1.1043-1.mga9
vim-enhanced-9.1.1043-1.mga9
vim-X11-9.1.1043-1.mga9
vim-minimal-9.1.1043-1.mga9

lcl@yildun:~ $ ls /usr/bin/vim
/usr/bin/vim@
lcl@yildun:~ $ ll /usr/bin/vim
lrwxrwxrwx 1 root root 21 Jul 13  2023 /usr/bin/vim -> /etc/alternatives/vim*
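An added example, not code from the bug report or from vim upstream, that scripts the verification discussed in the comments above: run the PoC headlessly under valgrind with a time limit, then sort the output into the outcomes the thread saw (memory error, hang, clean run). It assumes valgrind and the coreutils `timeout` are installed; the PoC file name vim_SEGV1 is the one used in the thread, and the sample logs in `demo` are constructed excerpts, not real runs.

```shell
#!/bin/sh
# Added example, not code from the bug report or from vim. Runs the
# CVE-2025-24014 PoC under valgrind and reports the outcome the QA
# thread cares about. Assumes valgrind and coreutils' timeout exist.

# classify_log: read a valgrind run (stdout+stderr, followed by a line
# "exit=N" carrying the exit status) on stdin and print one verdict:
#   memory-error  invalid access or SIGSEGV seen -> still vulnerable
#   hang          timeout fired (exit 124) -> inconclusive, as in comment #10
#   clean         "ERROR SUMMARY: 0 errors" -> fix confirmed
#   unknown       anything else (read the log by hand)
classify_log() {
    out=$(cat)
    case "$out" in
        *"Invalid write"*|*"Invalid read"*|*SIGSEGV*|*"Segmentation fault"*)
            echo memory-error ;;
        *"exit=124"*)
            echo hang ;;
        *"ERROR SUMMARY: 0 errors"*)
            echo clean ;;
        *)
            echo unknown ;;
    esac
}

# run_poc PoC-file: same headless Ex-mode command line as in the thread,
# but bounded to 60 s so a hang ends instead of blocking the terminal.
run_poc() {
    { timeout 60 valgrind /usr/bin/vim -u NONE -i NONE -n -m -X -Z -e -s \
          -S "$1" -c ':qa!' 2>&1
      echo "exit=$?"; } | classify_log
}

# demo: constructed excerpts (not real runs) of the two logs in the thread.
demo() {
    printf '==1== Invalid write of size 1\n==1== ERROR SUMMARY: 1 errors from 1 contexts\nexit=139\n' | classify_log
    printf '==2== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)\nexit=0\n' | classify_log
}

if [ -n "$1" ]; then run_poc "$1"; else demo; fi
```

Invoke as `sh check_poc.sh vim_SEGV1` on the test machine; with no argument it only classifies the constructed excerpts.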
Keywords: feedback => (none)
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0038.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED