[CLSA-2026:1781082176] vim: Fix of CVE-2026-41411
Type:
security
Severity:
Important
Release date:
2026-06-10 09:03:19 UTC
Description:
- CVE-2026-41411: fix command injection via backticks in tag file filenames by disallowing backtick expansion in expand_tag_fname() (src/tag.c, upstream patch 9.2.0357)
CVEs fixed:
Updated packages:
  • vim-X11-8.0.1763-19.el8.4.tuxcare.els17.x86_64.rpm
    sha:83737f3a5e9794fa5db12516ed798dc6524e0597b822db60dbc36b889f3b4027
  • vim-common-8.0.1763-19.el8.4.tuxcare.els17.x86_64.rpm
    sha:8d34ac7599f75ef963c24ad27fc63c2586372019676ad843c8a60956a282a8af
  • vim-enhanced-8.0.1763-19.el8.4.tuxcare.els17.x86_64.rpm
    sha:6c9ec0911e2d3471f8c59d2dd5cb38ae281610285e60ad2f15fb4ad863024208
  • vim-filesystem-8.0.1763-19.el8.4.tuxcare.els17.noarch.rpm
    sha:d76064374e58fa389cb6c140101f7ddcd7ca1bba282bae5c31f0c8c9a391458f
  • vim-minimal-8.0.1763-19.el8.4.tuxcare.els17.x86_64.rpm
    sha:a7b191f1f218ac05a40c0399cda2b6572cba7f1a2d656dfa662f10dbd1d1cd63
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.