
Fedora 44 vim Critical Security Fix CVE-2026-28417 CVE-2026-32249

fedora
March 20, 2026
Critical security fixes for vim on Fedora 44 address arbitrary code execution, denial of service, and more.

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.

Update Information:

patchlevel 148
Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422
Security fix for CVE-2026-32249

Change Log

* Fri Mar 13 2026 Zdenek Dohnal - 2:9.2.148-1
- patchlevel 148
* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-2
- fix tests which expect mouse=a
* Fri Mar 6 2026 Zdenek Dohnal - 2:9.2.112-1
- patchlevel 112
* Thu Feb 26 2026 Zdenek Dohnal - 2:9.2.045-2
- SPEC file cleanup

References


[ 1 ] Bug #2443455 - CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
      https://bugzilla.redhat.com/show_bug.cgi?id=2443455
[ 2 ] Bug #2443474 - CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
      https://bugzilla.redhat.com/show_bug.cgi?id=2443474
[ 3 ] Bug #2443475 - CVE-2026-28422 vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering
      https://bugzilla.redhat.com/show_bug.cgi?id=2443475
[ 4 ] Bug #2443481 - CVE-2026-28418 vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2443481
[ 5 ] Bug #2443482 - CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file
      https://bugzilla.redhat.com/show_bug.cgi?id=2443482
[ 6 ] Bug #2443484 - CVE-2026-28420 vim: Vim: Information disclosur...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f5d072060b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
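
To confirm the update landed, installed vim builds can be compared against the fixed build 2:9.2.148-1 from the change log. The script below is an added example, not part of the Fedora advisory: the inventory is constructed, the function names are hypothetical, and the comparison is a simplified numeric one (it assumes numeric version fields and a numeric release before the dist tag) rather than full RPM version ordering.

```shell
# Added example (not from the advisory): list vim packages older than the fix.
# Input lines are "name epoch:version-release", for example from
#   rpm -qa 'vim*' --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n'
FIXED_EVR="2:9.2.148-1"   # fixed build, taken from the advisory change log

# Constructed inventory: vim builds are from the change log, bash line is made up.
SAMPLE_INVENTORY='vim-enhanced 2:9.2.148-1.fc44
vim-common 2:9.2.112-2.fc44
vim-minimal 2:9.2.045-2.fc44
bash 0:5.3.0-2.fc44'

# cmp_dotted A B: print -1, 0 or 1 for dot-separated numeric strings.
cmp_dotted() {
    local a="$1" b="$2" x y
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Strip leading zeros so "045" compares as 45; a missing field counts as 0.
        x=${x#"${x%%[!0]*}"}; y=${y#"${y%%[!0]*}"}
        [ "${x:-0}" -lt "${y:-0}" ] && { echo -1; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return; }
    done
    echo 0
}

# evr_older A B: succeed if A sorts before B (epoch, then version, then release).
evr_older() {
    local a="$1" b="$2" ea=0 eb=0 c
    case $a in *:*) ea=${a%%:*}; a=${a#*:} ;; esac
    case $b in *:*) eb=${b%%:*}; b=${b#*:} ;; esac
    local ra="${a#*-}" rb="${b#*-}"
    for c in "$(cmp_dotted "$ea" "$eb")" \
             "$(cmp_dotted "${a%%-*}" "${b%%-*}")" \
             "$(cmp_dotted "${ra%%.*}" "${rb%%.*}")"; do
        [ "$c" = -1 ] && return 0
        [ "$c" = 1 ] && return 1
    done
    return 1   # equal builds are not older
}

# unpatched_vim: read inventory on stdin, print vim packages below FIXED_EVR.
unpatched_vim() {
    local name evr
    while read -r name evr; do
        case $name in vim*) ;; *) continue ;; esac
        if evr_older "$evr" "$FIXED_EVR"; then echo "$name $evr"; fi
    done
    return 0
}

printf '%s\n' "$SAMPLE_INVENTORY" | unpatched_vim
```

Any package name it prints is still on a build that predates patchlevel 148 and needs the advisory applied.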

Severity
critical

Name: vim
Product: Fedora 44
Version: 9.2.148
Release: 1.fc44
Summary: The VIM editor
