[CLSA-2026:1781535483] Fix CVE(s): CVE-2026-47162
Type:
security
Severity:
Important
Release date:
2026-06-15 15:01:04 UTC
Description:
* SECURITY UPDATE: code injection in the netrw plugin via directory history serialization: s:NetrwBookHistSave() wrote each directory history entry into the generated .netrwhist script by concatenating the raw value inside single quotes, so a directory name containing a single quote and vimscript was evaluated when the history file was sourced. - debian/patches/CVE-2026-47162.patch: quote the value with string() so the history entry is emitted as a safe vimscript string literal, in runtime/autoload/netrw.vim; matches upstream patch 9.2.0495. - CVE-2026-47162
CVEs fixed:
Updated packages:
  • vim_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:bf031cd2116725c0029678facb375ad2ae314966
  • vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:f2718adb130af26fd23408e40e0d0c11c109be10
  • vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:980c1676b2c53762b7bc08d8d10da2ad73bb54c3
  • vim-common_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:f3c6b54ae8371b677d77c61c9f2308fc394e60a1
  • vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els68_all.deb
    sha:1a7e16422d63871851b2abdd8bccd422e1cd7f7e
  • vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:d67b375f94ebd1e04902f20a991097eccd6fb367
  • vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:94da05a201a7fa14ab76946a9512aaac8610cad4
  • vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:e6bf28bef3849164cfe2aea109cd773316886127
  • vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:f3b4fef1bf0940da14e09e307429062a63f37caa
  • vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:413e060fe6850c4b8973fec1b9a7339b5c753759
  • vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:02b93cd7510aaf5febe1984581507fe985f8a62b
  • vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els68_all.deb
    sha:d85e1f29ff28045d4b0520324997a9ab1d31075d
  • vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:8f8eebc129d1c3e0b901a7a531a6b586decf7bc1
  • vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:5e0670044866990364d5bea427a247d015d001bd
  • vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els68_all.deb
    sha:43b31a6102f91e9d50f01bee82f0219095c0e9c4
  • vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els68_amd64.deb
    sha:2573eda7f9e7cabb7cc241137a95fb9f61e02b4c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.