Release date:
2026-05-04 10:07:26 UTC
Description:
- CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify() to
detect attacks that circumvent the previous regex-only check
- CVE-2026-39881: fix command injection in netbeans interface via unsanitized
defineAnnoType and specialKeys parameters
Updated packages:
-
vim-X11-8.2.2637-22.el9_6.1.tuxcare.els18.x86_64.rpm
sha:6ef7585b6cba68e62fd359b588a1e07ac3111735c8e3372e1ac56aec5742d445
-
vim-common-8.2.2637-22.el9_6.1.tuxcare.els18.x86_64.rpm
sha:2ce4a01e59db09d141cde0065af86e764f7164e53cc344fcbd88257cb3626887
-
vim-enhanced-8.2.2637-22.el9_6.1.tuxcare.els18.x86_64.rpm
sha:e1d1545f732585f85527914fa8e208ac28f77f72499ccc2aa8b26454eb1fba2d
-
vim-filesystem-8.2.2637-22.el9_6.1.tuxcare.els18.noarch.rpm
sha:3f7fe429f7c72a4f0a917edae449c83f4c666064d93b45bb36d5d1d4e8951ed1
-
vim-minimal-8.2.2637-22.el9_6.1.tuxcare.els18.x86_64.rpm
sha:fae3c2df847fa8ab5beda2636a694b4c543dc32ea9e5f5f24dc9351d26d58d81
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
