vim-8.0.1763-22.el8_10.1.ML.1
エラータID: AXSA:2026-423:06
リリース日:
2026/04/14 Tuesday - 14:06
題名:
vim-8.0.1763-22.el8_10.1.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Vim には、ローカルの攻撃者により、不正なコマンドの実行を可能
とする脆弱性が存在します。(CVE-2026-28417)
- Vim には、ヒープベースのバッファオーバーフローの問題があるため、
ローカルの攻撃者により、情報の漏洩、データ破壊、およびサービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2026-28421)
- Vim には、入力データのチェック処理に不備があるため、ローカルの
攻撃者により、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-33412)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
CVE-2026-28421
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
CVE-2026-33412
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
追加情報:
N/A
ダウンロード:
SRPMS
- vim-8.0.1763-22.el8_10.1.ML.1.src.rpm
MD5: ccd3ffdc49b89209e3298b6046923b15
SHA-256: 4275435d6456742b44f0790ae0d905125ac9ff6155ce7b09a91232de75b96641
Size: 10.73 MB
Asianux Server 8 for x86_64
- vim-common-8.0.1763-22.el8_10.1.ML.1.x86_64.rpm
MD5: 39a6ee0ea239de733ddc5929e253a0bf
SHA-256: 3c95e1a0e1297461b0fa1063cc3f98fed7efbe52b562348834796f5d1a540d53
Size: 6.34 MB - vim-enhanced-8.0.1763-22.el8_10.1.ML.1.x86_64.rpm
MD5: 9ff433a926ec2ee6777c4526f3a1b2a9
SHA-256: bcfecc127acadb5dfc9d2388cb080d96fdac0cb011a41ff0a7d5872dec27d56b
Size: 1.36 MB - vim-filesystem-8.0.1763-22.el8_10.1.ML.1.noarch.rpm
MD5: e62e0cec289e0236649a222aa1e1e6c7
SHA-256: 12a7f56df47adb76f55292dcce6d0c2ab4f1bc28bb7f4c992a709453161b1a2f
Size: 50.20 kB - vim-minimal-8.0.1763-22.el8_10.1.ML.1.x86_64.rpm
MD5: 679df73324bbe0fce9ca2a8b8909ecee
SHA-256: 8770d1cc636313a74c2a59321705336e1273b80e367dfaac260d3a17aed78705
Size: 574.95 kB - vim-X11-8.0.1763-22.el8_10.1.ML.1.x86_64.rpm
MD5: 64cde5812e864704a184004225e62eef
SHA-256: 9fdcdbaa5d5ecb52034698c0d3cc0b7967557470c511a590be4f2537f6aa7eed
Size: 1.50 MB
English