[CLSA-2026:1774345469] vim: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-03-24 09:44:34 UTC
Description:
- CVE-2026-28417: fix OS command injection via shell metacharacters in netrw URI hostname and port - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery due to unvalidated pointer block fields
Updated packages:
  • vim-X11-8.2.2637-22.el9_6.1.tuxcare.els4.x86_64.rpm
    sha:d6b834c9030ba3b4167b3a081ef9e00a440996c39f85ab66f591a5fc45c88f53
  • vim-common-8.2.2637-22.el9_6.1.tuxcare.els4.x86_64.rpm
    sha:89c378094e6936acd89a5b00f6b7341a10f79d79bf0749dcd2fba89aeb6bb815
  • vim-enhanced-8.2.2637-22.el9_6.1.tuxcare.els4.x86_64.rpm
    sha:b01177b5e773d2f05decd0b26bb42c6ac53420f7049499cefca7ab3f7afef8f6
  • vim-filesystem-8.2.2637-22.el9_6.1.tuxcare.els4.noarch.rpm
    sha:09c93bbda46ff8062d8dde7e96543c6fd1828f0ff848f567805cb9e2a648a184
  • vim-minimal-8.2.2637-22.el9_6.1.tuxcare.els4.x86_64.rpm
    sha:73fb3a8b9c01b0f1e5807c8fe70c4673aeb187ea3e69dbf9a3bad678f624ccce
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.