[CLSA-2026:1782984730] vim: Fix of 5 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-02 09:32:33 UTC
Description:
- CVE-2026-47167: use Ruby's Regexp.new() instead of Kernel.eval() in the cucumber filetype plugin's s:stepmatch() so untrusted step-definition patterns are treated as inert regex data, preventing Ruby (and shell) code injection when jumping to a step in an attacker-controlled repository (runtime/ftplugin/cucumber.vim, upstream vim 9.2.0496)
Updated packages:
  • vim-X11-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
    sha:648f411da9e87c6df48d89f31d827dfa3aa254ae5b5bf3a98e53b96c988a88fe
  • vim-common-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
    sha:cfad15caa0400ccc38652be73ed396fd0538138e017e9f40526d8b69486f57d4
  • vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
    sha:70a1897c9e2e9e35236bb87ec4a9010c913f002dae5e638759d6278a35a404e6
  • vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els36.noarch.rpm
    sha:6a13d4aee4f4fcba275c8ecfc85c44acffe168b5f9b357157e651ababfe538f5
  • vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
    sha:d64b80ccbc26df659374da0c81d95603972b93b3e500bc5e9776429d2ca560ac
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.