[CLSA-2026:1774525825] vim: Fix of 2 CVEs
Type: security
Severity: Important
Release date: 2026-03-27 12:31:14 UTC
Description:
- CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape() for hostname and port values.
- CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pe_page_count, pe_bnum, pe_old_lnum and pe_line_count before descending into the block tree.
Updated packages:
  • vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:1a21d86168ecb1d830c768242a253af20ade5a805b5631325050f54a39a97b76
  • vim-common-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:6553b5fe226555a97613b811e61ddf10045a82ea82f18d8e1c4b6da021f03f4b
  • vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:dea589b34e2651ccd72db5c18df0021c06f04f38498b3ca21e9a622dddd30963
  • vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:062ae74da9d918f9ebb6d8d3bdb89a9cee4f6f2a52e0a4fa54472c674c300fc6
  • vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:fefab4da22fc22c29d1f34f2e7f2acd219003e0a939cb40a862566d49fb31d93
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.