Release date:
2026-05-21 15:42:59 UTC
Description:
- CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp://
URLs by hardening the tempfile suffix regex and escaping the tempfile
argument before passing it to the sftp command
Updated packages:
-
vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:c6072fcfdceb4012507b4065aace4ce0f2c6448379c0ceca13d164c539a8ffb6
-
vim-common-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:0d4ee51f7b53b372fe3c77c9798e5ec00e1cc58e82580b1720243dc12e5ac6c5
-
vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:7c0809bc8cc806b9209a80860be542178c2419aa05b8736e68004ebbb200617d
-
vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:1e6dd030e6cfe81cc5aaf334f9dace9394cca35b9cd5638897766efc912eccd1
-
vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:fd355a983c5ecfe88cdfc1522fbb444e35de901869118235f50671cb7dd8ef3d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
