Ubuntu Security Update USN-8541-1: Vim vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,861
Reaction score
94
Credits
-1,257
Hirohito Higashi discovered that Vim incorrectly escaped class or trait names when performing PHP omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted PHP file and executing arbitrary commands. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856) Hirohito Higashi discovered that Vim incorrectly handled sound-folding of certain words when using a spell file. An attacker could possibly use this issue to cause Vim to crash, resulting in a denial of service. (CVE-2026-59857) It was discovered that Vim incorrectly escaped certain tags file fields when performing C omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted file and executing arbitrary commands. (CVE-2026-59858)

Continue reading...
 


Follow Linux.org

Members online


Top