[CLSA-2026:1784189693] vim: Fix of CVE-2026-59857
Type:
security
Severity:
Moderate
Release date:
2026-07-16 08:15:16 UTC
Description:
- CVE-2026-59857: bound the single-byte SAL result writes and the terminating NUL to MAXWLEN - 1 in spell_soundfold_sal() to prevent a stack out-of-bounds write with a crafted spell file (src/spell.c, upstream vim 9.2.0725)
CVEs fixed:
Updated packages:
  • vim-X11-8.2.2637-22.el9_2.1.tuxcare.els39.x86_64.rpm
    sha:ea6c3f2f94a83ba1a1f96c499740784ca9d0d6fe796585c2351ddf1810bce489
  • vim-common-8.2.2637-22.el9_2.1.tuxcare.els39.x86_64.rpm
    sha:0793f5a34e07b734ee7ece318a9d972c6f75572c315119cfbc1b6c2efe35e769
  • vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els39.x86_64.rpm
    sha:840b735fe3d1e19907673a570b575f21a48200a78e5a9242f50177034d1122cb
  • vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els39.noarch.rpm
    sha:b329794eb113917e92874b7c32888128b16f52301c7f56be0cda03e91f191246
  • vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els39.x86_64.rpm
    sha:9b1f701b395dd62e32ba324412defaa1687e82e6f1b94c1a285657b1acdd6853
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.