
Fedora 43 vim Critical Security Advisory 2026-651ba4626f CVE-2026-28417

fedora
March 8, 2026
Fedora 43 update for Vim addresses critical security flaws including arbitrary code execution and information exposure.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.

Update Information:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

Change Log

* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-2
- fix tests which expect mouse=a
* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-1
- patchlevel 112
* Thu Feb 26 2026 Zdenek Dohnal - 2:9.2.045-2
- rebuilt

References


[ 1 ] Bug #2443455 - CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
      https://bugzilla.redhat.com/show_bug.cgi?id=2443455
[ 2 ] Bug #2443474 - CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
      https://bugzilla.redhat.com/show_bug.cgi?id=2443474
[ 3 ] Bug #2443475 - CVE-2026-28422 vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering
      https://bugzilla.redhat.com/show_bug.cgi?id=2443475
[ 4 ] Bug #2443481 - CVE-2026-28418 vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2443481
[ 5 ] Bug #2443482 - CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file
      https://bugzilla.redhat.com/show_bug.cgi?id=2443482
[ 6 ] Bug #2443484 - CVE-2026-28420 vim: Vim: Information disclosur...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-651ba4626f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
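
To confirm after the upgrade that no vim package on a Fedora 43 host is still older than the build shipped by this advisory, the following added example (not part of the advisory or of Fedora's tooling) compares installed package versions against 2:9.2.112-2.fc43 using rpm's segment-wise ordering. The subpackage names and the sample rpm output are assumptions constructed for illustration.

```python
import re
import sys

# Fixed build from the advisory: epoch 2 (change log), version 9.2.112, release 2.fc43.
FIXED_EVR = "2:9.2.112-2.fc43"
# Assumption: binary packages built from the vim source package (names not on the page).
VIM_PACKAGES = {"vim-minimal", "vim-enhanced", "vim-common", "vim-X11",
                "vim-filesystem", "vim-data", "xxd"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare version or release strings segment by segment, as rpm does.
    Simplification: the ~ and ^ modifiers are not handled."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare: 045 < 112
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def parse_evr(evr):
    epoch, sep, rest = evr.partition(":")
    if not sep:                              # rpm's %{EVR} omits a missing epoch
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    return int(epoch), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines, fixed=FIXED_EVR):
    """Return {package: evr} for vim packages older than the advisory build."""
    stale = {}
    for line in rpm_lines:
        name, _, evr = line.strip().partition(" ")
        if name in VIM_PACKAGES and evr and evr_cmp(evr, fixed) < 0:
            stale[name] = evr
    return stale

# Constructed sample of `rpm -qa --qf '%{NAME} %{EVR}\n'` output.
SAMPLE = ["vim-minimal 2:9.2.045-2.fc43", "vim-enhanced 2:9.2.112-2.fc43",
          "vim-common 2:9.2.112-1.fc43", "bash 5.3.0-2.fc43"]

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for pkg, evr in sorted(unpatched(lines).items()):
        print(f"{pkg} {evr} is older than {FIXED_EVR}")
```

On a real host, pipe the output of rpm -qa --qf '%{NAME} %{EVR}\n' into the script; no output means every listed vim package is at or above the advisory build.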

Severity: critical

Name: vim
Product: Fedora 43
Version: 9.2.112
Release: 2.fc43
Summary: The VIM editor
