vim-8.2.2637-23.el9_7.2.ML.1
Errata ID: AXSA:2026-447:08
Release date:
2026/04/17 Friday - 18:44
Title:
vim-8.2.2637-23.el9_7.2.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
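The following items have been addressed.
[Security Fix]
- Vim contains a vulnerability that allows a local attacker to execute unauthorized commands. (CVE-2026-28417)
- Vim has a heap-based buffer overflow issue, resulting in a vulnerability that allows a local attacker to cause information disclosure, data corruption, and denial of service. (CVE-2026-28421)
- Vim has a flaw in its input data validation, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2026-33412)
Solution:
Update the packages.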
CVE:
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
CVE-2026-28421
Vim is an open source, command line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
CVE-2026-33412
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
Additional information:
N/A
Downloads:
SRPMS
- vim-8.2.2637-23.el9_7.2.ML.1.src.rpm
MD5: 9e7ff98d3c6174ca95bf06201a7e4edc
SHA-256: 3e24b9669faf1dfc5a79e54b80758a8f581eaad77bb659a312c907b38fade3e1
Size: 12.24 MB
Asianux Server 9 for x86_64
- vim-common-8.2.2637-23.el9_7.2.ML.1.x86_64.rpm
MD5: 4922b51b506ea58bf0e4ef75d2e9ec3b
SHA-256: f166f30c625d0dfd5d736222b67af5cb1d1f2d4f6d5e7c6a365d38deaf700f30
Size: 6.97 MB
- vim-enhanced-8.2.2637-23.el9_7.2.ML.1.x86_64.rpm
MD5: 0d0426649cff102af41abc94509b5044
SHA-256: 89546ed2d690645487f44d0f6f286fd522efba07e36842c96eb6d0eefff4a8fb
Size: 1.75 MB
- vim-filesystem-8.2.2637-23.el9_7.2.ML.1.noarch.rpm
MD5: 48ac82fc13e54c40e8199fec7ff8b0b0
SHA-256: fd4a9a743c4929884c1b710a2ae34b0bbe4d8ddfaf75554e36095142cf99ccff
Size: 10.08 kB
- vim-minimal-8.2.2637-23.el9_7.2.ML.1.x86_64.rpm
MD5: d4e3152ba63482d4d5f933518ebee894
SHA-256: 7a4dbf12f976e1ef7dd8521f1780165b53f4a4e98032b6dc011d0d8238fb0408
Size: 670.27 kB
- vim-X11-8.2.2637-23.el9_7.2.ML.1.x86_64.rpm
MD5: 08437cbcf1c553869c14e9462d1ed968
SHA-256: 8b3223624953680b1571454994f39940bf4c046d07a9985c4e1b0f4006725c3f
Size: 1.91 MB