[CLSA-2026:1783338716] vim: Fix of 4 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-06 11:52:18 UTC
Description:
- CVE-2026-55693: out-of-bounds write in tree_count_words() and sug_filltree() when walking a crafted spell-file word trie deeper than MAXWLEN; bound the descent depth (src/spellfile.c) - CVE-2026-55892: stack out-of-bounds write in dump_prefixes() on :spelldump with a crafted prefix trie exceeding MAXWLEN; bound the descent depth (src/spell.c) - CVE-2026-57455: stack out-of-bounds write in spell_soundfold_sofo() when soundfold() is given an over-length word with an active SOFO spell table; add the missing length guard to the single-byte path (src/spell.c) - CVE-2026-57456: code execution in Python omni-completion: buffer-supplied docstrings were emitted inside triple-quoted literals passed to exec(), allowing breakout; quote them with repr() (runtime/autoload/python3complete.vim, pythoncomplete.vim)
Updated packages:
  • vim-X11-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
    sha:3fb3dfc6be733d1e963b50786ef91d9491232c0663feca21f1547e5db01b11d2
  • vim-common-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
    sha:7ac14a53d7b8ce919653764f026b2980a172efbe62f8149d56620b892d5d5bdb
  • vim-data-9.0.2153-1.amzn2.0.7.tuxcare.els2.noarch.rpm
    sha:1da07c85ac9b8a6b1914c9b0e6e0178506d1386da47ee5c6e49f3274ec48d8dc
  • vim-enhanced-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
    sha:72e5cba7d5525bb833f6db8aec73a775667bc96268d8c4684a90d84892c1c9f9
  • vim-filesystem-9.0.2153-1.amzn2.0.7.tuxcare.els2.noarch.rpm
    sha:a7ed871e881c95a1f111d31d1c090468a6e196d64392abdd8e28eadbed936ca8
  • vim-minimal-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
    sha:daaa40cb382d0dee7236408482b3914022e6b0cbf64e88aac30e0b49f132cdbe
  • xxd-9.0.2153-1.amzn2.0.7.tuxcare.els2.x86_64.rpm
    sha:b481be224ee3574f268b8262d7c314c250330024a7ddb054a00642b8ce2b1c84
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.