[CLSA-2026:1780487719] vim: Fix of CVE-2026-46483
Type:
security
Severity:
Important
Release date:
2026-06-03 11:57:21 UTC
Description:
- CVE-2026-46483: command injection in tar#Vimuntar() when decompressing .tgz archives, via a crafted filename expanded through cmdline-special; fixed by using the shellescape(args, 1) form for the :! command (runtime/autoload/tar.vim)
CVEs fixed:
Updated packages:
  • vim-X11-9.0.2153-1.amzn2.0.6.tuxcare.els3.x86_64.rpm
    sha:a4d24bf47d2346b9b9a420ae9ec54b6a54835924ccd33d76f89233d75b6609e6
  • vim-common-9.0.2153-1.amzn2.0.6.tuxcare.els3.x86_64.rpm
    sha:87adeb5ece6eadf1d2e867e0ed28186a5158b57c99a8b64374771a87ee6ce6ac
  • vim-data-9.0.2153-1.amzn2.0.6.tuxcare.els3.noarch.rpm
    sha:d789ceab40fb2d0dd92c531684edf2a9448201f7896e26391967bd2d831cbb36
  • vim-enhanced-9.0.2153-1.amzn2.0.6.tuxcare.els3.x86_64.rpm
    sha:8eff33c889a644f43c4f00848b327b1f2981c449560a4a8c3cc22cb8d8303c36
  • vim-filesystem-9.0.2153-1.amzn2.0.6.tuxcare.els3.noarch.rpm
    sha:ccf6bf32830dce22f4787466d89ffd469b898503d61c0cff17586c93938eb64c
  • vim-minimal-9.0.2153-1.amzn2.0.6.tuxcare.els3.x86_64.rpm
    sha:e4f170b98504dad01210e83c5e8daeaa9be40bd4eeb85e852fb281c864252038
  • xxd-9.0.2153-1.amzn2.0.6.tuxcare.els3.x86_64.rpm
    sha:ab3ff40ec2ac69466e3d26488c951ddcbaa1a9feec028931f94654ad5e95d845
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.