网安资讯详情 - SecLens 情报雷达

ALINUX3-SA-2026:0147

来源： alibaba_cloud_linux_advisory · 发布时间 2026-06-11 17:35 (UTC+08:00) · 抓取时间 2026-06-11 18:00 (UTC+08:00)

原文链接

摘要

Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35177: Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280. **Solution**: 请您尽快将升级到修复后的版本。修复命令如下： yum update --advisory ALINUX3-SA-2026:0147 **Affected Products**: Alinux 3.2104, Alinux 3 Pro

正文

Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35177: Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.

标签

• cve:cve-2025-53906
• cve:cve-2026-35177
• severity:moderate
• type:advisory
• vendor:alibaba

扩展字段

{
  "advisory_id": "ALINUX3-SA-2026:0147",
  "affected_products": [
    "Alinux 3.2104",
    "Alinux 3 Pro"
  ],
  "cve_ids": [
    "CVE-2025-53906",
    "CVE-2026-35177"
  ],
  "raw_pub_date": "Thu, 11 Jun 2026 17:35:31 +0800",
  "solution": "请您尽快将升级到修复后的版本。修复命令如下：\nyum update --advisory ALINUX3-SA-2026:0147"
}