Описание
Security update for vim
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Basesystem 15 SP7
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server 15 SP6-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2026:0910-1
- E-Mail link for SUSE-SU-2026:0910-1
- SUSE Security Ratings
- SUSE Bug 1246602
- SUSE Bug 1258229
- SUSE Bug 1259051
- SUSE CVE CVE-2025-53906 page
- SUSE CVE CVE-2026-26269 page
- SUSE CVE CVE-2026-28417 page
Описание
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-53906
- SUSE Bug 1246602
Описание
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.
Затронутые продукты
Ссылки
- CVE-2026-26269
- SUSE Bug 1258229
Описание
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2026-28417
- SUSE Bug 1259051