Updated vim packages fix security vulnerabilities
Publication date: 10 Jul 2026Modification date: 10 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-52858 , CVE-2026-52859 , CVE-2026-52860 , CVE-2026-55693 , CVE-2026-55892 , CVE-2026-55895 , CVE-2026-57451 , CVE-2026-57452 , CVE-2026-57453 , CVE-2026-57454 , CVE-2026-57455 , CVE-2026-57456
Description
The updated packages fix security vulnerabilities:
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0561.
(CVE-2026-52858)
Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.0565.
(CVE-2026-52859)
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0597.
(CVE-2026-52860)
Out-of-bounds Write in Spell File Word Count in Vim < 9.2.0653.
(CVE-2026-55693)
Out-of-bounds Write in Spell File Prefix Dump in Vim < 9.2.0662.
(CVE-2026-55892)
Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted
filename affects Vim < 9.2.0663. (CVE-2026-55895)
Out-of-bounds Read in Text Property Count in Vim < 9.2.0670.
(CVE-2026-57451)
Out-of-bounds Read with libsodium-encrypted Files in Vim < 9.2.0671.
(CVE-2026-57452)
PowerShell Command Injection in zip.vim via Crafted Archive Entry Names
in Vim > 9.1.1783 && Vim < 9.2.0678. (CVE-2026-57453)
Out-of-bounds Read with Text Properties in Vim >= 9.2.0320 && Vim <
9.2.0679. (CVE-2026-57454)
Out-of-bounds Write in SOFO Soundfolding in Vim < 9.2.0698.
(CVE-2026-57455)
Arbitrary Code Execution via Python Omni-Completion Docstrings in Vim <
9.2.0699. (CVE-2026-57456)
References
- https://bugs.mageia.org/show_bug.cgi?id=35580
- https://www.openwall.com/lists/oss-security/2026/05/22/13
- https://github.com/vim/vim/security/advisories/GHSA-3h95-3962-mmvf
- https://www.openwall.com/lists/oss-security/2026/05/29/5
- https://github.com/vim/vim/security/advisories/GHSA-52mc-rq6p-rc7c
- https://www.openwall.com/lists/oss-security/2026/05/30/4
- https://github.com/vim/vim/security/advisories/GHSA-47gw-8gc3-mgcm
- https://www.openwall.com/lists/oss-security/2026/06/04/14
- https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468
- https://www.openwall.com/lists/oss-security/2026/06/15/8
- https://github.com/vim/vim/security/advisories/GHSA-wgh4-64f7-q3jq
- https://www.openwall.com/lists/oss-security/2026/06/16/12
- https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h
- https://www.openwall.com/lists/oss-security/2026/06/16/13
- https://github.com/vim/vim/security/advisories/GHSA-vhh8-v6wx-hjjh
- https://www.openwall.com/lists/oss-security/2026/06/17/10
- https://github.com/vim/vim/security/advisories/GHSA-f36c-2qcp-7gpw
- https://www.openwall.com/lists/oss-security/2026/06/18/7
- https://github.com/vim/vim/security/advisories/GHSA-c4j9-wr9j-4486
- https://www.openwall.com/lists/oss-security/2026/06/20/2
- https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf
- https://www.openwall.com/lists/oss-security/2026/06/20/3
- https://github.com/vim/vim/security/advisories/GHSA-ww8h-47xp-hp4w
- https://www.openwall.com/lists/oss-security/2026/06/21/1
- https://github.com/vim/vim/security/advisories/GHSA-q8mh-6qm3-25g4
- https://www.openwall.com/lists/oss-security/2026/06/21/2
- https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3
- https://www.openwall.com/lists/oss-security/2026/06/24/9
- https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2
- https://www.openwall.com/lists/oss-security/2026/06/27/6
- https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x
- https://www.openwall.com/lists/oss-security/2026/06/28/1
- https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97
- https://www.cve.org/CVERecord?id=CVE-2026-52858
- https://www.cve.org/CVERecord?id=CVE-2026-52859
- https://www.cve.org/CVERecord?id=CVE-2026-52860
- https://www.cve.org/CVERecord?id=CVE-2026-55693
- https://www.cve.org/CVERecord?id=CVE-2026-55892
- https://www.cve.org/CVERecord?id=CVE-2026-55895
- https://www.cve.org/CVERecord?id=CVE-2026-57451
- https://www.cve.org/CVERecord?id=CVE-2026-57452
- https://www.cve.org/CVERecord?id=CVE-2026-57453
- https://www.cve.org/CVERecord?id=CVE-2026-57454
- https://www.cve.org/CVERecord?id=CVE-2026-57455
- https://www.cve.org/CVERecord?id=CVE-2026-57456
SRPMS
10/core
- vim-9.2.782-1.mga10
9/core
- vim-9.2.782-1.mga9