[CLSA-2026:1781258957] Fix CVE(s): CVE-2026-43961
Type:
security
Severity:
Moderate
Release date:
2026-06-12 10:09:34 UTC
Description:
* SECURITY UPDATE: code injection in the netrw plugin via the mf (mark file) command: s:NetrwMarkFile() embedded the marked filename into a filter() expression by string concatenation, so a crafted filename containing vimscript (e.g. nested execute()) was evaluated when the user marked it in a netrw listing. - debian/patches/CVE-2026-43961.patch: reference the filename variable directly in the filter() expression instead of concatenating it, in runtime/autoload/netrw.vim; matches upstream patch 9.2.0480. - CVE-2026-43961
CVEs fixed:
Updated packages:
  • vim_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:1f68581f10f5daa6a621a8610109c5a3cec69e80
  • vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:153abfe4bf04b9606170c9e940a31e1ae8575f93
  • vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:d500c64fb5ff705f04aeb97753b78dccfe1014eb
  • vim-common_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:60d8baf5d76a3935a0559f956192b3abeff9ec7d
  • vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els67_all.deb
    sha:41c4cd0ed360f728c399cdab6d4fd997d8c0062d
  • vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:9736f05f1c2447e859570a5fc19e3d88313a7e9a
  • vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:ebba691774f75ce5e40f3f76c83700dab435c5b6
  • vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:aadf40d5cc10d262e60fc50167d91710425d1cf0
  • vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:90b006f2c8e03cbc2945362ad0cae9ca8eb9c166
  • vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:9cf06f525fea68bf119368f4078855a2a7514fe0
  • vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:f4fda3101040740e6db1077109267aa6deed651c
  • vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els67_all.deb
    sha:3c6354992e120685efead86ca4d9c82567ee1b4e
  • vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:6d63b70a02661031510f445f1f83b3ef87315c81
  • vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:84a58938604ba48c2ac563bd9fae59a2cf014311
  • vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els67_all.deb
    sha:79127938389dd1007db16b834e449219366f06ce
  • vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els67_amd64.deb
    sha:472a84617b9b4038ed43b05c2367b5a3e0598fe4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.