[CLSA-2026:1774346288] vim: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-03-24 09:58:12 UTC
Description:
- CVE-2026-28417: fix OS command injection via shell metacharacters in netrw URI hostname and port - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery due to unvalidated pointer block fields
Updated packages:
  • vim-X11-8.2.2637-22.el9_1.1.tuxcare.els4.x86_64.rpm
    sha:06f57cef8cab5ef03f690b6f3c908877310ae9e607dfdb419dc9ba1de6369652
  • vim-common-8.2.2637-22.el9_1.1.tuxcare.els4.x86_64.rpm
    sha:0165782eda972192259c5ea4966aaf96b6176a0101cc97fb1fc43602a3b375b7
  • vim-enhanced-8.2.2637-22.el9_1.1.tuxcare.els4.x86_64.rpm
    sha:52fb6f0d70cd709f3c23fae6a478a10c1924f32cb475ba35d7f5f55c984aa80d
  • vim-filesystem-8.2.2637-22.el9_1.1.tuxcare.els4.noarch.rpm
    sha:6b8e62e7f97bdb2b544f31187d66418cf39bfa9aee8b00cb6214e03e8ed26090
  • vim-minimal-8.2.2637-22.el9_1.1.tuxcare.els4.x86_64.rpm
    sha:edcbf3d1d36c8a1b0629b2b9afbf24ee34077be27081afd1528343bc23901307
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.