
Fedora 42 vim Critical Security Fixes For CVE-2026-28417 2026-1885157e34

fedora
March 19, 2026
Critical security patch for Fedora's vim editor addressing multiple vulnerabilities including code execution and DoS.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.

Update Information:

patchlevel 148
Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422
Security fix for CVE-2026-32249

Change Log

* Fri Mar 13 2026 Zdenek Dohnal - 2:9.2.148-1
- patchlevel 148
* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-2
- fix tests which expect mouse=a
* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-1
- patchlevel 112
* Thu Feb 26 2026 Zdenek Dohnal - 2:9.2.045-2
- rebuilt

References


[ 1 ] Bug #2443455 - CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
https://bugzilla.redhat.com/show_bug.cgi?id=2443455
[ 2 ] Bug #2443474 - CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
https://bugzilla.redhat.com/show_bug.cgi?id=2443474
[ 3 ] Bug #2443475 - CVE-2026-28422 vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering
https://bugzilla.redhat.com/show_bug.cgi?id=2443475
[ 4 ] Bug #2443481 - CVE-2026-28418 vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing
https://bugzilla.redhat.com/show_bug.cgi?id=2443481
[ 5 ] Bug #2443482 - CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file
https://bugzilla.redhat.com/show_bug.cgi?id=2443482
[ 6 ] Bug #2443484 - CVE-2026-28420 vim: Vim: Information disclosur...


Update Instructions

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2026-1885157e34'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
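A post-update check for the instructions above, as an added example that is not part of the advisory: it compares installed package builds against 2:9.2.148-1.fc42, the build named in the change log and package details. The function names and the numeric-only comparison (not rpm's full version ordering) are assumptions of this example.

```sh
# Added example, not part of the advisory. FIXED_EVR is the build named on the
# page: epoch 2, version 9.2.148, release 1.fc42.
FIXED_EVR="2:9.2.148-1.fc42"

# cmp_dotted A B: compare dot-separated decimal fields; prints -1, 0 or 1.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return; fi
    done
    echo 0
}
# evr_key EVR: print "epoch version release-number" for N:N.N.N-N[.dist], else
# fail. Assumption: numeric fields only (true for vim), not full rpm ordering.
evr_key() {
    case $1 in *:*-*) ;; *) return 1 ;; esac
    e=${1%%:*}; rest=${1#*:}
    v=${rest%-*}; r=${rest##*-}; r=${r%%[!0-9]*}
    case $e in ''|*[!0-9]*) return 1 ;; esac
    case $v in ''|*[!0-9.]*) return 1 ;; esac
    [ -n "$r" ] && echo "$e $v $r"
}
# evr_at_least INSTALLED FIXED: 0 if INSTALLED >= FIXED, 1 if older, 2 if unparsable.
evr_at_least() {
    set -- $(evr_key "$1") $(evr_key "$2")
    [ $# -eq 6 ] || return 2
    for pair in "$1 $4" "$2 $5" "$3 $6"; do
        c=$(cmp_dotted "${pair% *}" "${pair#* }")
        if [ "$c" -lt 0 ]; then return 1; fi
        if [ "$c" -gt 0 ]; then return 0; fi
    done
    return 0
}
# check_packages PKG...: compare each installed package with FIXED_EVR via rpm.
check_packages() {
    rc=0
    for pkg in "$@"; do
        evr=$(rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null) ||
            { echo "$pkg: not installed"; continue; }
        if evr_at_least "$evr" "$FIXED_EVR"; then echo "$pkg $evr: fixed"
        else echo "$pkg $evr: needs $FIXED_EVR or later"; rc=1; fi
    done
    return $rc
}
check_packages "$@"
```

Pass the vim subpackages present on the host as arguments, for example `vim-minimal vim-enhanced vim-common`; a non-zero exit status means at least one of them is older than the fixed build.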

Severity: critical

Name: vim
Product: Fedora 42
Version: 9.2.148
Release: 1.fc42
Summary: The VIM editor
