Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 611386 (CVE-2017-6349, CVE-2017-6350)

Summary: <app-editors/{vim,gvim}-8.0.0386: two integer overflow
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: asl, joshuabaergen, vim
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa cve]
Package list:
=app-editors/vim-8.0.0386 =app-editors/vim-core-8.0.0386 =app-editors/gvim-8.0.0386
 Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-03-02 09:04:12 UTC 
From https://bugzilla.redhat.com/show_bug.cgi?id=1427945:

An integer overflow at an unserialize_uep memory allocation site would occur for vim, as it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. 

Upstream bug:

https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y

Upstream patch:

https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75



From https://bugzilla.redhat.com/show_bug.cgi?id=1427944:

An integer overflow at a u_read_undo memory allocation site would occur for vim, as it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Upstream bug:

https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y

Upstream patch:

https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Tim Harder gentoo-dev 2017-03-02 17:30:40 UTC 
A newer version of vim is already in the tree. If you want to stabilize that, go ahead.
Comment 2 Stabilization helper bot gentoo-dev 2017-03-02 19:01:00 UTC 
An automated check of this bug failed - repoman reported dependency errors (105 lines truncated): 

> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['~app-editors/vim-core-8.0.0386']
> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['~app-editors/vim-core-8.0.0386']
> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['~app-editors/vim-core-8.0.0386']
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-03 09:03:01 UTC 
amd64 stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-03-03 09:35:01 UTC 
arm arm64 ppc ppc64 stable.
Comment 5 Joshua Baergen 2017-03-03 15:33:31 UTC 
Does gvim need to be updated as well?
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-03 16:00:28 UTC 
(In reply to Joshua Baergen from comment #5)
> Does gvim need to be updated as well?

Yes, good catch.

Re-adding arches.
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-03-03 19:17:10 UTC 
Stable on alpha.
Comment 8 Arnaud Launay 2017-03-04 11:27:42 UTC 
Hello,
gvim needs to get its stable keyword too, right now you can't emerge it, it's blocked by vim-core.
Comment 9 Agostino Sarubbo gentoo-dev 2017-03-04 13:38:40 UTC 
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-03-04 13:46:54 UTC 
x86 stable
Comment 11 Agostino Sarubbo gentoo-dev 2017-03-04 14:03:59 UTC 
sparc stable
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-05 01:00:29 UTC 
Stable for HPPA PPC64.
Comment 13 Markus Meier gentoo-dev 2017-03-08 05:58:55 UTC 
arm stable
Comment 14 Michael Weber (RETIRED) gentoo-dev 2017-03-10 16:19:23 UTC 
ppc stable.
Comment 15 Michael Weber (RETIRED) gentoo-dev 2017-03-10 16:20:28 UTC 
gvim isn't keyworded for arm64, rest was stabled in the first round.
Comment 16 Agostino Sarubbo gentoo-dev 2017-03-11 17:20:03 UTC 
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev 2017-03-24 05:29:44 UTC 
Maintainer(s), Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 18 Yury German Gentoo Infrastructure gentoo-dev 2017-04-11 05:42:50 UTC 
Maintainer(s), please drop the vulnerable version(s).
Comment 19 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-04 12:47:56 UTC 
Cleanup PR: https://github.com/gentoo/gentoo/pull/4847
Comment 20 Patrice Clement (RETIRED) gentoo-dev 2017-06-06 17:44:28 UTC 
Thanks Whissi for the PR! 

Security please proceed.
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2017-06-22 19:20:24 UTC 
This issue was resolved and addressed in
 GLSA 201706-26 at https://security.gentoo.org/glsa/201706-26
by GLSA coordinator Kristian Fiskerstrand (K_F).