Synopsis:
vim security update
Summary:
An update for vim is now available for openEuler-22.03-LTS-SP4.
Description:
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.
Security Fix(es):
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479. (CVE-2026-46483)
Topic:
An update for vim is now available for openEuler-22.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
vim
9.0-48.oe2203sp4
Exploitability
AV:L AC:H PR:N UI:R
Scope
S:U
Impact
C:H I:H A:H
7.0/CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
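The flaw described above is a shellescape() call without the {special} flag on a line that builds a :! command; with {special} non-zero, shellescape() also backslash-escapes items such as "!", "%" and "#" that the :! command line would otherwise expand. The following is an added example, not code from Vim or openEuler: a small Python audit check that flags that pattern in Vim script. The function names and the sample lines are this example's own, and the sample is constructed, not the tar.vim source.

```python
import re

# A string literal that opens an Ex shell command: optional modifiers, then "!".
BANG_LITERAL = re.compile(r'''["'](?:[a-z]+!?\s+)*!''')
CALL = re.compile(r'\bshellescape\s*\(')

def split_args(text, start):
    """Split call arguments starting just past "("; None if the call is unclosed."""
    args, depth, quote, cur = [], 0, None, []
    for ch in text[start:]:
        if quote:                      # inside a string literal (no \" handling)
            if ch == quote:
                quote = None
        elif ch in '"\'':
            quote = ch
        elif ch in '([{':
            depth += 1
        elif ch in ')]}':
            if depth == 0:             # closing paren of shellescape() itself
                args.append(''.join(cur).strip())
                return args
            depth -= 1
        elif ch == ',' and depth == 0:  # top-level argument separator
            args.append(''.join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return None

def missing_special(script):
    """Return (line_no, first_arg) for shellescape() without {special} on :! lines."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith('"') or not BANG_LITERAL.search(line):
            continue                   # Vim comment, or no :! command built here
        for m in CALL.finditer(line):
            args = split_args(line, m.end())
            if args is not None and (len(args) < 2 or args[1] in ('0', 'v:false')):
                findings.append((no, args[0]))
    return findings

# Constructed sample lines for illustration; this is not the tar.vim source.
SAMPLE = r'''
exe "sil !gunzip ".shellescape(tartail)
exe "sil !gzip -d ".shellescape(tartail, 1)
let out = system("tar -tf ".shellescape(a:tarball))
exe "!tar -xf ".shellescape(fnamemodify(name, ":p"))
'''.strip()

print(missing_special(SAMPLE))
```

The check is line-based, so it does not follow continuation lines or commands assembled in a variable before being executed; treat a clean result as a first pass, not proof.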