Release date:
2026-07-06 11:52:18 UTC
Description:
- CVE-2026-55693: out-of-bounds write in tree_count_words() and sug_filltree() when walking a crafted spell-file word trie deeper than MAXWLEN; bound the descent depth (src/spellfile.c)
- CVE-2026-55892: stack out-of-bounds write in dump_prefixes() on :spelldump with a crafted prefix trie exceeding MAXWLEN; bound the descent depth (src/spell.c)
- CVE-2026-57455: stack out-of-bounds write in spell_soundfold_sofo() when soundfold() is given an over-length word with an active SOFO spell table; add the missing length guard to the single-byte path (src/spell.c)
- CVE-2026-57456: code execution in Python omni-completion: buffer-supplied docstrings were emitted inside triple-quoted literals passed to exec(), allowing breakout; quote them with repr() (runtime/autoload/python3complete.vim, pythoncomplete.vim)
Updated packages:
-
vim-X11-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
sha:3fb3dfc6be733d1e963b50786ef91d9491232c0663feca21f1547e5db01b11d2
-
vim-common-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
sha:7ac14a53d7b8ce919653764f026b2980a172efbe62f8149d56620b892d5d5bdb
-
vim-data-9.0.2153-1.amzn2.0.7.tuxcare.els2.noarch.rpm
sha:1da07c85ac9b8a6b1914c9b0e6e0178506d1386da47ee5c6e49f3274ec48d8dc
-
vim-enhanced-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
sha:72e5cba7d5525bb833f6db8aec73a775667bc96268d8c4684a90d84892c1c9f9
-
vim-filesystem-9.0.2153-1.amzn2.0.7.tuxcare.els2.noarch.rpm
sha:a7ed871e881c95a1f111d31d1c090468a6e196d64392abdd8e28eadbed936ca8
-
vim-minimal-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
sha:daaa40cb382d0dee7236408482b3914022e6b0cbf64e88aac30e0b49f132cdbe
-
xxd-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
sha:b481be224ee3574f268b8262d7c314c250330024a7ddb054a00642b8ce2b1c84
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.