Bug 611386 (CVE-2017-6349, CVE-2017-6350) - <app-editors/{vim,gvim}-8.0.0386: two integer overflows
Summary: <app-editors/{vim,gvim}-8.0.0386: two integer overflows
Status: RESOLVED FIXED
Alias: CVE-2017-6349, CVE-2017-6350
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Reported: 2017-03-02 09:04 UTC by Agostino Sarubbo
Modified: 2017-06-22 19:20 UTC
Package list:
=app-editors/vim-8.0.0386 =app-editors/vim-core-8.0.0386 =app-editors/gvim-8.0.0386
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-03-02 09:04:12 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1427945:

An integer overflow at an unserialize_uep memory allocation site would occur for vim, as it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. 

Upstream bug:

https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y

Upstream patch:

https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75



From https://bugzilla.redhat.com/show_bug.cgi?id=1427944:

An integer overflow at a u_read_undo memory allocation site would occur for vim, as it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Upstream bug:

https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y

Upstream patch:

https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Tim Harder gentoo-dev 2017-03-02 17:30:40 UTC
A newer version of vim is already in the tree. If you want to stabilize that, go ahead.
Comment 2 Stabilization helper bot gentoo-dev 2017-03-02 19:01:00 UTC
An automated check of this bug failed - repoman reported dependency errors (105 lines truncated): 

> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['~app-editors/vim-core-8.0.0386']
> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['~app-editors/vim-core-8.0.0386']
> dependency.bad app-editors/vim/vim-8.0.0386.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['~app-editors/vim-core-8.0.0386']
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-03 09:03:01 UTC
amd64 stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-03-03 09:35:01 UTC
arm arm64 ppc ppc64 stable.
Comment 5 Joshua Baergen 2017-03-03 15:33:31 UTC
Does gvim need to be updated as well?
Comment 6 Thomas Deutschmann gentoo-dev Security 2017-03-03 16:00:28 UTC
(In reply to Joshua Baergen from comment #5)
> Does gvim need to be updated as well?

Yes, good catch.

Re-adding arches.
Comment 7 Tobias Klausmann gentoo-dev 2017-03-03 19:17:10 UTC
Stable on alpha.
Comment 8 Arnaud Launay 2017-03-04 11:27:42 UTC
Hello,
gvim needs to get its stable keyword too, right now you can't emerge it, it's blocked by vim-core.
Comment 9 Agostino Sarubbo gentoo-dev 2017-03-04 13:38:40 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-03-04 13:46:54 UTC
x86 stable
Comment 11 Agostino Sarubbo gentoo-dev 2017-03-04 14:03:59 UTC
sparc stable
Comment 12 Jeroen Roovers gentoo-dev 2017-03-05 01:00:29 UTC
Stable for HPPA PPC64.
Comment 13 Markus Meier gentoo-dev 2017-03-08 05:58:55 UTC
arm stable
Comment 14 Michael Weber (RETIRED) gentoo-dev 2017-03-10 16:19:23 UTC
ppc stable.
Comment 15 Michael Weber (RETIRED) gentoo-dev 2017-03-10 16:20:28 UTC
gvim isn't keyworded for arm64, rest was stabled in the first round.
Comment 16 Agostino Sarubbo gentoo-dev 2017-03-11 17:20:03 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-24 05:29:44 UTC
Maintainer(s), Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 18 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-11 05:42:50 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 19 Thomas Deutschmann gentoo-dev Security 2017-06-04 12:47:56 UTC
Cleanup PR: https://github.com/gentoo/gentoo/pull/4847
Comment 20 Patrice Clement gentoo-dev 2017-06-06 17:44:28 UTC
Thanks Whissi for the PR! 

Security please proceed.
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2017-06-22 19:20:24 UTC
This issue was resolved and addressed in GLSA 201706-26 at https://security.gentoo.org/glsa/201706-26 by GLSA coordinator Kristian Fiskerstrand (K_F).