This update for vim fixes the following issues:
- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).
- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin
bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line
completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when
loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via `tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`
archives on Unix-like systems (bsc#1265360).
Changes for vim:
- Update to v9.2.0530.
- Fix for incorrectly...
- openSUSE Leap 16.0:
gvim-9.2.0530-160000.1.1
vim-9.2.0530-160000.1.1
vim-data-9.2.0530-160000.1.1
vim-data-common-9.2.0530-160000.1.1
vim-small-9.2.0530-160000.1.1
xxd-9.2.0530-160000.1.1
* bsc#1261833
* bsc#1262395
* bsc#1264706
* bsc#1264707
* bsc#1264708
* bsc#1265349
* bsc#1265360
References:
* https://www.suse.com/security/cve/CVE-2026-39881.html
* https://www.suse.com/security/cve/CVE-2026-42307.html
* https://www.suse.com/security/cve/CVE-2026-43961.html
* https://www.suse.com/security/cve/CVE-2026-44656.html
* https://www.suse.com/security/cve/CVE-2026-45130.html
* https://www.suse.com/security/cve/CVE-2026-46483.html