Advisories ยป MGASA-2026-0240

Updated vim packages fix security vulnerabilities

Publication date: 10 Jul 2026
Modification date: 10 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-52858 , CVE-2026-52859 , CVE-2026-52860 , CVE-2026-55693 , CVE-2026-55892 , CVE-2026-55895 , CVE-2026-57451 , CVE-2026-57452 , CVE-2026-57453 , CVE-2026-57454 , CVE-2026-57455 , CVE-2026-57456

Description

The updated packages fix security vulnerabilities:
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0561.
(CVE-2026-52858)
Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.0565.
(CVE-2026-52859)
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0597.
(CVE-2026-52860)
Out-of-bounds Write in Spell File Word Count in Vim < 9.2.0653.
(CVE-2026-55693)
Out-of-bounds Write in Spell File Prefix Dump in Vim < 9.2.0662.
(CVE-2026-55892)
Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted
filename affects Vim < 9.2.0663. (CVE-2026-55895)
Out-of-bounds Read in Text Property Count in Vim < 9.2.0670.
(CVE-2026-57451)
Out-of-bounds Read with libsodium-encrypted Files in Vim < 9.2.0671.
(CVE-2026-57452)
PowerShell Command Injection in zip.vim via Crafted Archive Entry Names
in Vim > 9.1.1783 && Vim < 9.2.0678. (CVE-2026-57453)
Out-of-bounds Read with Text Properties in Vim >= 9.2.0320 && Vim <
9.2.0679. (CVE-2026-57454)
Out-of-bounds Write in SOFO Soundfolding in Vim < 9.2.0698.
(CVE-2026-57455)
Arbitrary Code Execution via Python Omni-Completion Docstrings in Vim <
9.2.0699. (CVE-2026-57456)
                

References

SRPMS

10/core

9/core