Release date:
2026-06-22 18:06:10 UTC
Description:
- CVE-2026-52858: code execution via crafted Python module in omni-completion: exec() ran from/import statements in attacker-controlled buffers; fixed by disabling exec of import/from (runtime/autoload/python3complete.vim, pythoncomplete.vim, upstream patch 9.2.0561)
- CVE-2026-52859: out-of-bounds read in update_snapshot() when a terminal cell fills all six VTERM_MAX_CHARS_PER_CELL combining-character slots; the unterminated cell.chars[] loop walked past the array and appended OOB values into the scrollback buffer (src/terminal.c, upstream patch 9.2.0565)
- CVE-2026-52860: code execution via crafted Python def/class headers in omni-completion: parameter default-values, annotations, and base-class expressions were passed to exec() and evaluated; fixed by stripping defaults/annotations and whitelisting base-class expressions to dotted names (runtime/autoload/python3complete.vim, pythoncomplete.vim, upstream patch 9.2.0597)
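The fix strategy described for CVE-2026-52860 (strip defaults and annotations, keep only dotted-name base classes) can be sketched as follows. This is an added example, not the upstream patch or the plugin's own code. It assumes Python 3.9+ and uses the standard `ast` module instead of the plugin's parser; `safe_stub`, `evaluations` and `touch` are hypothetical names.

```python
import ast
import re

# Whitelist for base classes: dotted names only, e.g. "Base" or "pkg.mod.Base".
DOTTED_NAME = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*\Z")


def _param_names(args):
    """Keep parameter names only; defaults and annotations are discarded."""
    names = [a.arg for a in args.posonlyargs + args.args]
    if args.vararg:
        names.append("*" + args.vararg.arg)
    elif args.kwonlyargs:
        names.append("*")  # bare marker so keyword-only names stay valid
    names += [a.arg for a in args.kwonlyargs]
    if args.kwarg:
        names.append("**" + args.kwarg.arg)
    return names


def safe_stub(header):
    """Rebuild a def/class header as a stub with no evaluable expression."""
    # ast.parse only builds a syntax tree; nothing in the header is executed.
    node = ast.parse(header.rstrip() + "\n    pass\n").body[0]
    if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
        return "def %s(%s): pass" % (node.name, ", ".join(_param_names(node.args)))
    if isinstance(node, ast.ClassDef):
        # Calls, subscripts and keywords such as metaclass=... are dropped.
        kept = [b for b in map(ast.unparse, node.bases) if DOTTED_NAME.match(b)]
        return "class %s(%s): pass" % (node.name, ", ".join(kept)) if kept \
            else "class %s: pass" % node.name
    raise ValueError("not a def/class header")


def evaluations(code):
    """exec() code with a harmless probe and count how often it was called."""
    calls = []
    exec(code, {"touch": lambda: calls.append(1)})
    return len(calls)


# Constructed sample header; touch() stands in for any expression in a buffer.
SAMPLE = "def f(a, b=touch(), *args, c=touch(), **kw):"

if __name__ == "__main__":
    print(evaluations(SAMPLE + " pass"))      # header exec'd as written
    print(evaluations(safe_stub(SAMPLE)))     # sanitized stub
```
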
Updated packages:
- vim-X11-9.0.2153-1.amzn2.0.6.tuxcare.els5.x86_64.rpm
  sha:12f6d1c7fd077e0071f304e6b0e76b40c73d679fe4f4477b93ce24e62c9fb317
- vim-common-9.0.2153-1.amzn2.0.6.tuxcare.els5.x86_64.rpm
  sha:3117304c34ef499356b07e909e71758eca6c88568ffdfc149732f1f9687831e7
- vim-data-9.0.2153-1.amzn2.0.6.tuxcare.els5.noarch.rpm
  sha:721ba148150a86271c0274fbaf126b0449205345eb7ba462cdb62b271edff37e
- vim-enhanced-9.0.2153-1.amzn2.0.6.tuxcare.els5.x86_64.rpm
  sha:f77f93d86da916239005854bdcb991ccc4d92b71895fd9a3ef014ae69154d815
- vim-filesystem-9.0.2153-1.amzn2.0.6.tuxcare.els5.noarch.rpm
  sha:9f6cfbe9d9fc475f0c71d63142788e8361abaab3fa19386cb7fb8c26977a6e7a
- vim-minimal-9.0.2153-1.amzn2.0.6.tuxcare.els5.x86_64.rpm
  sha:5e518d4c45062876f2963e4b267380e431ddcca289607e9fe38f57477d7b0879
- xxd-9.0.2153-1.amzn2.0.6.tuxcare.els5.x86_64.rpm
  sha:87b2a942bfc20bf79db0a399e552dd499922759ec29ec6c029f3b9064738ea4e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.