Release date:
2026-05-20 12:20:32 UTC
Description:
- CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp://
URLs by hardening the tempfile suffix regex and escaping the tempfile
argument before passing it to the sftp command
Updated packages:
-
vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:4934311fba84f14e8b796f8417935edf9223e4920c9a4f4be58e813163a5c0ff
-
vim-common-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:a31e78f742547e75b8486fe2a0eaf14bf0a2abb2c187667a6d9707f405f03aa7
-
vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:31b2653e98aad151b64ef3fe0bdcaea9d2f8c3b7f30a416aacd9cd078aa02dd4
-
vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:567d49f8fcaf78c5b0eba46a0e94c21c0a431e5b897e4d0afb3e34487a871ebd
-
vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els16.x86_64.rpm
sha:e49f3e9db200365cd75bb7b2a9288df5b72b6dba733bde4f12a8ca454a11399f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
