Updated vim packages fix security vulnerabilities
Publication date: 06 Mar 2026Modification date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-28417 , CVE-2026-28418 , CVE-2026-28419 , CVE-2026-28420 , CVE-2026-28421 , CVE-2026-28422
Description
OS Command Injection in netrw affects Vim < 9.2.0073. (CVE-2026-28417)
Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074.
(CVE-2026-28418)
Heap-based Buffer Underflow in Emacs tags parsing affects Vim <
9.2.0075. (CVE-2026-28419)
Heap-based Buffer Overflow and OOB Read in :terminal affects Vim <
9.2.0076. (CVE-2026-28420)
Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077.
(CVE-2026-28421)
Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078.
(CVE-2026-28422)
References
- https://bugs.mageia.org/show_bug.cgi?id=35167
- https://www.openwall.com/lists/oss-security/2026/02/27/6
- https://www.openwall.com/lists/oss-security/2026/02/27/7
- https://www.openwall.com/lists/oss-security/2026/02/27/8
- https://www.openwall.com/lists/oss-security/2026/02/27/9
- https://www.openwall.com/lists/oss-security/2026/02/27/10
- https://www.openwall.com/lists/oss-security/2026/02/27/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28417
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28422
SRPMS
9/core
- vim-9.2.106-1.mga9