[CLSA-2026:1782896270] Fix CVE(s): CVE-2026-55693, CVE-2026-57455, CVE-2026-57456
Type:
security
Severity:
Important
Release date:
2026-07-01 08:58:09 UTC
Description:
* SECURITY UPDATE: Out-of-bounds write in tree_count_words() in src/spellfile.c when a crafted .spl/.sug spell-file pair loaded during spell suggestion drives the word-trie descent past the end of the MAXWLEN-sized arridx, curi and wordcount stack arrays - debian/patches/CVE-2026-55693.patch: bound the descent in tree_count_words() and sug_filltree() with depth < MAXWLEN - 1, matching the sibling trie walkers, so the depth index can no longer run past the fixed MAXWLEN-sized arrays - CVE-2026-55693 * SECURITY UPDATE: Out-of-bounds write in spell_soundfold_sofo() in src/spell.c when a word longer than MAXWLEN is sound-folded through a spell file's SOFO byte map while a SOFO-based spell language is active, writing past the end of the caller's MAXWLEN-sized result buffer - debian/patches/CVE-2026-57455.patch: bound the single-byte SOFO translation loop in spell_soundfold_sofo() with ri < MAXWLEN - 1 so the output index can no longer run past the fixed MAXWLEN-sized result buffer - CVE-2026-57455 * SECURITY UPDATE: Code execution via Python omni-completion inserting buffer-derived docstrings verbatim between triple quotes in the reconstructed source run through exec(), letting a crafted docstring break out of the triple-quoted literal and execute attacker-controlled code - debian/patches/CVE-2026-57456.patch: use repr() to quote docstrings in the Scope, Class, and Function get_code() methods of python3complete and pythoncomplete so docstring text can no longer break out of the generated string literal - CVE-2026-57456
Updated packages:
  • vim_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:812e4d46235341fb64b840642cf9a30e787d01e5
  • vim-athena_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:6389e1643a4e00def9ea34b491c8692478a0df04
  • vim-common_8.1.0875-5+deb10u6+tuxcare.els23_all.deb
    sha:3cf11ce636051ed39931ea67369e9888b0dea917
  • vim-doc_8.1.0875-5+deb10u6+tuxcare.els23_all.deb
    sha:22aa16a25acfc7945766860c8573217d94c02b54
  • vim-gtk_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:4067125e0ab13a6120932332649e6ac9cccaa7bd
  • vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:0224c1a4e7d62cd87ca794c0881ce354feaf9e43
  • vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els23_all.deb
    sha:b8dc4aba98806983170bd35890f23ee462cfcd48
  • vim-nox_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:60478a1898fe8f413994f71572f2214dbd50933e
  • vim-runtime_8.1.0875-5+deb10u6+tuxcare.els23_all.deb
    sha:9c8eaef816b634979a3f7c711958c219c0bd30c7
  • vim-tiny_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:9f0c51c2b2a851a777fe51d003c8cb395e2b133e
  • xxd_8.1.0875-5+deb10u6+tuxcare.els23_amd64.deb
    sha:e9a7a971fa3ec273a03960b21707cb3334c3d3aa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.