openSUSE 16.0 vim Important Command Injection Fix Advisory 20828-1

May 29, 2026
Important openSUSE security advisory for vim fixing command injection and buffer overflow vulnerabilities.
An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for vim fixes the following issues:

- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).

- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim (bsc#1264706).

- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).

- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's `:find` command-line completion (bsc#1264707).

- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).

- CVE-2026-46483: command injection via `tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz` archives on Unix-like systems (bsc#1265360).

Changes for vim:

- Update to v9.2.0530.

- Fix for incorrectly...

Patch

Package List

- openSUSE Leap 16.0:

gvim-9.2.0530-160000.1.1

vim-9.2.0530-160000.1.1

vim-data-9.2.0530-160000.1.1

vim-data-common-9.2.0530-160000.1.1

vim-small-9.2.0530-160000.1.1

xxd-9.2.0530-160000.1.1
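
To confirm that a host carries the fixed builds from the package list above, this added example (not part of the advisory) compares `rpm -q` style output against the fixed version-release 9.2.0530-160000.1.1. The sample lines and function names are constructed for illustration, and the comparison is a simplified form of rpm's version ordering that ignores epochs, `~` and `^`.

```python
import re

# Fixed version-release and package names, taken from the advisory's package list.
FIXED = "9.2.0530-160000.1.1"
PACKAGES = {"gvim", "vim", "vim-data", "vim-data-common", "vim-small", "xxd"}

def _segments(s):
    return re.findall(r"\d+|[A-Za-z]+", s)  # rpm compares runs of digits or letters

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No epoch, '~' or '^' handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return {package: installed} for advisory packages older than FIXED."""
    stale = {}
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue  # not installed, or not covered by this advisory
        name, installed = parts
        if evr_cmp(installed, FIXED) < 0:
            stale[name] = installed
    return stale

# Constructed sample in the shape of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' ...
SAMPLE = """\
vim 9.2.0530-160000.1.1
vim-data 9.2.0110-160000.2.1
xxd 9.2.0530-160000.1.1
package gvim is not installed
""".splitlines()
print(unpatched(SAMPLE))
```

On a real system, feed `unpatched()` the output of the `rpm -q --qf` command shown in the comment, run over the six package names.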

References

* bsc#1261833

* bsc#1262395

* bsc#1264706

* bsc#1264707

* bsc#1264708

* bsc#1265349

* bsc#1265360

References:

* https://www.suse.com/security/cve/CVE-2026-39881.html

* https://www.suse.com/security/cve/CVE-2026-42307.html

* https://www.suse.com/security/cve/CVE-2026-43961.html

* https://www.suse.com/security/cve/CVE-2026-44656.html

* https://www.suse.com/security/cve/CVE-2026-45130.html

* https://www.suse.com/security/cve/CVE-2026-46483.html

Severity
important

Announcement ID: openSUSE-SU-2026:20828-1
Rating: important
Affected Products: openSUSE Leap 16.0