Release date:
2026-05-27 20:10:48 UTC
Description:
- CVE-2026-42307: fix shell-injection in netrw via crafted sftp:// and
file:// URLs by escaping the tempfile name and restricting the
filename-suffix regex to word characters (runtime/autoload/netrw.vim,
upstream patch 9.2.0383)
Updated packages:
-
vim-X11-9.0.2153-1.amzn2.0.6.tuxcare.els2.x86_64.rpm
sha:7016dcd13e3c1f41aafdb53c9e948bbc5e0f13e8ef03742cb0162e27665732e0
-
vim-common-9.0.2153-1.amzn2.0.6.tuxcare.els2.x86_64.rpm
sha:f9a760044135d619914e1a9e360de001fc71a0570ace3f40195ad5980f5c46d9
-
vim-data-9.0.2153-1.amzn2.0.6.tuxcare.els2.noarch.rpm
sha:f5b93d7bc606acdf799e811bb12ed9438d7d60af777aafdd2be04c8985c21695
-
vim-enhanced-9.0.2153-1.amzn2.0.6.tuxcare.els2.x86_64.rpm
sha:d7f34eb6e2f907d6455ee65faaab27b2a17f35a05499b5c6dcd2bb57fac93a2b
-
vim-filesystem-9.0.2153-1.amzn2.0.6.tuxcare.els2.noarch.rpm
sha:3dc4f3a772bda039b75b80894f0c9e4701b1c2dd4c41a65da93f547bceb60c08
-
vim-minimal-9.0.2153-1.amzn2.0.6.tuxcare.els2.x86_64.rpm
sha:f5cc8afa9abdb5935d0324e7811a2e98683b10cb0f9d596cf2d51bfaea079c87
-
xxd-9.0.2153-1.amzn2.0.6.tuxcare.els2.x86_64.rpm
sha:8967bc8fd705aa5c0ac950a235d46f56004f4eb1a0b3f086fde9789240c76ef0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
