Описание
Security update for vim
This update for vim fixes the following issues:
- Update Vim to version 9.2.0110 that includes security fixes for:
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-26269: stack buffer overflow in Vim's NetBeans integration when processing the specialKeys command (bsc#1258229).
- CVE-2025-53906: path traversal in Vim's zip.vim plugin (bsc#1246602).
- Other changes:
- Add wayland-client to BuildRequires and enable Wayland support.
- Add Wayland include path to CFLAGS to fix clipboard compilation.
- Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8).
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1246602
- SUSE Bug 1258229
- SUSE Bug 1259051
- SUSE CVE CVE-2025-53906 page
- SUSE CVE CVE-2026-26269 page
- SUSE CVE CVE-2026-28417 page
Описание
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-53906
- SUSE Bug 1246602
Описание
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.
Затронутые продукты
Ссылки
- CVE-2026-26269
- SUSE Bug 1258229
Описание
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2026-28417
- SUSE Bug 1259051