[CLSA-2026:1782999239] vim: Fix of 4 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-02 13:34:20 UTC
Description:
- CVE-2026-55693: bound the trie-descent depth counter against the MAXWLEN-element stack arrays in tree_count_words() to prevent an out-of-bounds write when reading a crafted spell file (src/spellfile.c, upstream vim 9.2.0653) - CVE-2026-55892: bound the trie-descent depth counter in dump_prefixes() to prevent a stack out-of-bounds write with a crafted .spl spell file (src/spell.c, upstream vim 9.2.0662) - CVE-2026-57455: bound the single-byte SOFO result copy in spell_soundfold_sofo() to MAXWLEN-1 to prevent a stack out-of-bounds write when sound-folding long words (src/spell.c, upstream vim 9.2.0698) - CVE-2026-57456: use repr() on reconstructed docstrings in the python3 omni-completion so a hostile buffer cannot break out of the triple-quoted literal and execute arbitrary Python during completion (runtime/autoload/python3complete.vim, upstream vim 9.2.0699)
Updated packages:
  • vim-X11-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
    sha:d0856f5de2d10d54bc57e23840c663328072e6dbeac1c0dcd35f3fa53e6999d9
  • vim-common-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
    sha:965f75630f734ea6a003de34430f22a768ef7b693916bea3dbd3b96aa02d6e70
  • vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
    sha:9f68b4708ba46d1fa108a65f1c2982d74b0e218a380c3112e18cb13efb0526db
  • vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els37.noarch.rpm
    sha:593756ffacfd4abb4f829c158ade3726c28779570422b12c382b73597102aa65
  • vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
    sha:f3e006de39e04458cdf786d3684022ed3a3e1a470bb6760cf8713c1c44b43a6b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.