[CLSA-2026:1774344754] vim: Fix of 2 CVEs
Type: security
Severity: Important
Release date: 2026-03-24 09:32:38 UTC
Description:
- CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape() for hostname and port values.
- CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pe_page_count, pe_bnum, pe_old_lnum and pe_line_count before descending into the block tree.
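The two layers named in the CVE-2026-28417 fix (validate the hostname against RFC 1123, then shell-quote the hostname and port) look like this in a Python sketch. This is an added illustration, not the Vim patch or any code from the package: the function names and the restricted `scp://host[:port]/path` grammar are assumptions, and Python's `shlex.quote()` stands in for Vim's `shellescape()`.

```python
import re
import shlex

# One RFC 1123 label: letters, digits, hyphens; 1-63 chars; no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Sketch grammar (assumption): scp://host[:port]/path, no user part.
_URI = re.compile(r"scp://(?P<host>[^/:]*)(?::(?P<port>[^/]*))?/(?P<path>.+)", re.S)


def valid_hostname(host):
    """Return True only if every dot-separated label is a valid RFC 1123 label."""
    if not host or len(host) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def valid_port(port):
    """Return True for an ASCII-decimal TCP port in 1..65535."""
    return re.fullmatch(r"[0-9]{1,5}", port) is not None and 1 <= int(port) <= 65535


def scp_command(uri, dest):
    """Validate the URI, then quote every value placed on the command line."""
    m = _URI.fullmatch(uri)
    if m is None:
        raise ValueError("not an scp://host[:port]/path URI")
    host, port, path = m["host"], m["port"], m["path"]
    if not valid_hostname(host):
        raise ValueError("hostname is not RFC 1123 compliant: %r" % host)
    if port is not None and not valid_port(port):
        raise ValueError("invalid port: %r" % port)
    parts = ["scp"]
    if port is not None:
        parts += ["-P", shlex.quote(port)]
    parts += [shlex.quote(host) + ":" + shlex.quote(path), shlex.quote(dest)]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample URIs, not taken from the advisory.
    for uri in ("scp://files.example.com:2222/etc/motd",
                "scp://example.com;echo/file"):
        try:
            print(scp_command(uri, "/tmp/out"))
        except ValueError as err:
            print("rejected:", err)
```

Validation rejects a hostname containing shell metacharacters before any command string is built; quoting is the second layer for values that pass.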
Updated packages:
  • vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:a6a17df9e92d2d5b937aefde98f9f1a75be659bd0bdeb990fdba8863cab5220b
  • vim-common-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:dc869f9f3ab31957c1c55ed76dbb26aad749189738ef23741cd61ac029487b4d
  • vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:5493113daff8f05a92851842ac38c382d39ed40c15e788e217740ead32dce96a
  • vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:dcceb6cd9a5c02833b2a6556d0a03e30e635f65d495e7407b3f1289c17398522
  • vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm
    sha:2b67e3b555e1c36662eed3097853d0ad0236b26b97ea11b0a8af477f3fda3fa8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.