[CLSA-2026:1782920014] Fix CVE(s): CVE-2026-55892
Type:
security
Severity:
Moderate
Release date:
2026-07-01 15:34:37 UTC
Description:
* SECURITY UPDATE: Stack out-of-bounds write in dump_prefixes() in src/spell.c during :spelldump when a crafted spell file containing a self-referential BY_INDEX node in the prefix tree drives the descent depth past the MAXWLEN-sized prefix[]/arridx[]/curi[] stack arrays - debian/patches/CVE-2026-55892.patch: bound the prefix-tree descent in dump_prefixes() with "else if (depth < MAXWLEN - 1)" so the depth index cannot exceed the MAXWLEN-sized stack arrays - CVE-2026-55892
CVEs fixed:
Updated packages:
  • vim_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:c4acb64221f9369f00ecde3ab94bb85f12a20050
  • vim-athena_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:e6f6f1574aaad9c6b83770a2c0d1f3f593d10092
  • vim-common_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
    sha:3edce2737f1e846c27b44bcaa9b2b2c293da4195
  • vim-doc_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
    sha:14ba827ead7d1c46ac1bf6a39de46a3dfe202c8e
  • vim-gtk_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:6600eb6a598399bc97b6bb258eef7158ec397b6d
  • vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:7b7bf89276649968263cc32cd976201afc56c201
  • vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
    sha:e1dffc82017ac170d63a4a487293682ef0954857
  • vim-nox_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:15ee34282fc9493e36c09f00058ec91df887bf52
  • vim-runtime_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
    sha:7e8fb32ae636da23740e0a39d9a3e97e10302324
  • vim-tiny_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:714e2ecf89f639aba2c0fabe2aa291e0660211e7
  • xxd_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
    sha:3f8b36c5f0c3f22785311c7a85cb687d99e59996
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.