[CLSA-2026:1781086654] Fix CVE(s): CVE-2026-41411
Type:
security
Severity:
Important
Release date:
2026-06-10 10:19:09 UTC
Description:
* SECURITY UPDATE: command injection via backticks in tag files - debian/patches/CVE-2026-41411.patch: disallow backticks in tag filenames before attempting wildcard expansion in expand_tag_fname() (src/tag.c), preventing arbitrary shell command execution via a malicious tags file; matches upstream patch 9.2.0357 - CVE-2026-41411
CVEs fixed:
Updated packages:
  • vim_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:e0adb73b4f663c8f1aeb05770d65c7b2ee073fa7
  • vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:7e06193d685c2bd6fd590a4b495b977001150b03
  • vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:fb19decbf2b130224ffec6216da39db2ea8a0c1c
  • vim-common_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:83fb3eb7e85fc38053491096f2ea84cfd4bbe2ef
  • vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els66_all.deb
    sha:20d756d0618e8906b98902a29126449374452f34
  • vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:b4095d334c146e6368c24e7579ec3aed3e9d25b6
  • vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:cbc72fb39f8eb510e580e7d01b41644122f32d08
  • vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:cb52076d746ce7c00bbcd24096ba613e426d34d3
  • vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:3c51300df28881ebb3553a1d9f8478070e820d4a
  • vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:b9838f73aa2cedb61b04161919d3430ab3b35e79
  • vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:8672b9a0fb13886ef8f4ac237ddf9afe910a2879
  • vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els66_all.deb
    sha:9cdaf1ca8e218c7ab0a243631ca0851477fce9af
  • vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:e7dc46dc193f439efc5b1574c640265123c61ae8
  • vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:e74a7c6bbe4257148cd1f37991014658cb2fcbe8
  • vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els66_all.deb
    sha:05ab9f9a4f2a56d5d515a15d6f4caa5f9db98107
  • vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els66_amd64.deb
    sha:dc1880e578661f1f6807fe5c3852acc062a14997
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.