Release date:
2026-05-26 18:50:44 UTC
Description:
- CVE-2026-44656: fix shell command execution via backticks in 'path' option
during file completion by skipping backtick entries in expand_path_option()
(findfile.c, upstream patches 9.2.0435 and 9.2.0444; the P_SECURE-on-'path'
portion of 9.2.0435 was reverted by 9.2.0444 and is intentionally not
backported)
Updated packages:
-
vim-X11-8.2.2637-22.el9_2.1.tuxcare.els32.x86_64.rpm
sha:d7cbf951780b12e3fbdb5bdab98dd152af0052dc0478d3c42285ff5c3cffbea7
-
vim-common-8.2.2637-22.el9_2.1.tuxcare.els32.x86_64.rpm
sha:595dd84af169903aa54e174bb817767157908be00aaed1b644f1124f686b6402
-
vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els32.x86_64.rpm
sha:4249a4a0675195a6e1cdfb10754f6a9e261eea4e411be99e7b5178dfe201f5bf
-
vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els32.noarch.rpm
sha:dbba53675f1ca86156aa0e3d3b5ea7aa8c09b849df073e6ef8aca9d8db5d9577
-
vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els32.x86_64.rpm
sha:e31e910bfcda3aea456c895742046fd130176dcade6aabe7936bae096956bf59
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
