Release date:
2026-05-19 17:39:38 UTC
Description:
- CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp://
URLs by hardening the tempfile suffix regex and escaping the tempfile
argument before passing it to the sftp command
Updated packages:
-
vim-X11-7.4.629-5.2.el6.tuxcare.els51.x86_64.rpm
sha:faafd763283ac481394cb7c39d9d14b2149b00dfcef3abb08f268f3b2750fb85
-
vim-common-7.4.629-5.2.el6.tuxcare.els51.x86_64.rpm
sha:c5e4fe0203b023d7256b48f29ed1fa141dfec9d62d21c8c1b82cf23c7e9d90b8
-
vim-enhanced-7.4.629-5.2.el6.tuxcare.els51.x86_64.rpm
sha:63bf753dce4e982f69853e97a46c514bfb144e007fac96fd2ca163792ee19b37
-
vim-filesystem-7.4.629-5.2.el6.tuxcare.els51.x86_64.rpm
sha:bffce9f589cf48c123709f47ff9430ee7bb6408ffddd6b2b4acfd74b973cc84e
-
vim-minimal-7.4.629-5.2.el6.tuxcare.els51.x86_64.rpm
sha:cb20b1c21b64c7d045d03c09d18bb4c9606c958941dc8eaf4f53a9a1faa13b3c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
