Release date:
2026-05-22 07:58:00 UTC
Description:
- CVE-2026-42307: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters (runtime/autoload/netrw.vim, upstream patch 9.2.0383)
Updated packages:
-
vim-X11-8.0.1763-19.el8.4.tuxcare.els15.x86_64.rpm
sha:72d7daf1f68cd0b40494e8c2e919eecd67afae4d725b8ac92904aca11890a1f8
-
vim-common-8.0.1763-19.el8.4.tuxcare.els15.x86_64.rpm
sha:ed001d74defa4ab41e01077d56da4a372a2bbe7f2e449bc9d40fe653ac4010b3
-
vim-enhanced-8.0.1763-19.el8.4.tuxcare.els15.x86_64.rpm
sha:035798fdb4e32b8561b83b3ac8f0b9b7d9b20646186d7f552852c9de87f59c44
-
vim-filesystem-8.0.1763-19.el8.4.tuxcare.els15.noarch.rpm
sha:0d9b79e6848fd6c089cb3cf23e36f64f9bd3a8b5670016ecf9f1adff249280f2
-
vim-minimal-8.0.1763-19.el8.4.tuxcare.els15.x86_64.rpm
sha:7216ff5919adb43b756da32f560f162452c7f49c37348a7801798a917022cce9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
