ELSA-2026-28209

ULN >
Oracle Linux Errata repository >
ELSA-2026-28209

ELSA-2026-28209 - vim security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-06-23

Description

[8.2.2637-26.0.1.el9_8.6]
- Remove upstream references [Orabug: 31197557]

[2:8.2.2637-26.6]
- CVE-2026-41411 vim: Command injection via backticks in tag files

[2:8.2.2637-26.5]
- RHEL-170136 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite
via path traversal bypass

[2:8.2.2637-26.4]
- Resolves: RHEL-164966 vim: arbitrary command execution via modeline sandbox bypass

[2:8.2.2637-26.3]
- Related: RHEL-159630 rebuild to build with exception target

[2:8.2.2637-26.2]
- remove -O0 from flags

[2:8.2.2637-26.1]
- RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function

Related CVEs

CVE-2026-41411

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_aarch64_appstream
	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_aarch64_baseos_latest
	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_aarch64_u8_baseos_patch
	vim-X11-8.2.2637-26.0.1.el9_8.6.aarch64.rpm	bbc6d5bad83b1a00f2ad12b2e1c5f7fccf08709cf574357f0a20c6146c543b15	-	ol9_aarch64_appstream
	vim-common-8.2.2637-26.0.1.el9_8.6.aarch64.rpm	c2407430d730ad35484a4b62910823a82f45630495d9e3e9543d32a33e43c883	-	ol9_aarch64_appstream
	vim-enhanced-8.2.2637-26.0.1.el9_8.6.aarch64.rpm	6f5cc62d63b3aca7aa4ae729570b64d76a67cd5fcf4d9223acde2895c0ae1fce	-	ol9_aarch64_appstream
	vim-filesystem-8.2.2637-26.0.1.el9_8.6.noarch.rpm	b3a826a2442869ee0416b65b239e741390a89724f6f3aa722d77d7e192f93790	-	ol9_aarch64_baseos_latest
	vim-filesystem-8.2.2637-26.0.1.el9_8.6.noarch.rpm	b3a826a2442869ee0416b65b239e741390a89724f6f3aa722d77d7e192f93790	-	ol9_aarch64_u8_baseos_patch
	vim-minimal-8.2.2637-26.0.1.el9_8.6.aarch64.rpm	668d2f487e5c903719da69c40f00306574efe63232b681f548957e59a30ebac3	-	ol9_aarch64_baseos_latest
	vim-minimal-8.2.2637-26.0.1.el9_8.6.aarch64.rpm	668d2f487e5c903719da69c40f00306574efe63232b681f548957e59a30ebac3	-	ol9_aarch64_u8_baseos_patch

Oracle Linux 9 (x86_64)	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_x86_64_appstream
	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_x86_64_baseos_latest
	vim-8.2.2637-26.0.1.el9_8.6.src.rpm	467dc8654eed9a9dbcb3fa097358cd746dd3f853382c0c8aae16524b37b4355a	-	ol9_x86_64_u8_baseos_patch
	vim-X11-8.2.2637-26.0.1.el9_8.6.x86_64.rpm	aa9aff7f5d1e0ae06cc2ad1a5c2abc4572cc1806453b4b08970b1964e79e307f	-	ol9_x86_64_appstream
	vim-common-8.2.2637-26.0.1.el9_8.6.x86_64.rpm	65464ce44a1d02d89a8f2f53b497e80a77eea1dc824ce1fb22a2074a2b4fd2fc	-	ol9_x86_64_appstream
	vim-enhanced-8.2.2637-26.0.1.el9_8.6.x86_64.rpm	8559d0c295cbbefc0f265dda4cca28426272ad253574e12c3d9c0b80a63f6943	-	ol9_x86_64_appstream
	vim-filesystem-8.2.2637-26.0.1.el9_8.6.noarch.rpm	b3a826a2442869ee0416b65b239e741390a89724f6f3aa722d77d7e192f93790	-	ol9_x86_64_baseos_latest
	vim-filesystem-8.2.2637-26.0.1.el9_8.6.noarch.rpm	b3a826a2442869ee0416b65b239e741390a89724f6f3aa722d77d7e192f93790	-	ol9_x86_64_u8_baseos_patch
	vim-minimal-8.2.2637-26.0.1.el9_8.6.x86_64.rpm	a3767dc8b820e0af4c18df55a51dda8ba2afe55580fe76957b8e3633ace755be	-	ol9_x86_64_baseos_latest
	vim-minimal-8.2.2637-26.0.1.el9_8.6.x86_64.rpm	a3767dc8b820e0af4c18df55a51dda8ba2afe55580fe76957b8e3633ace755be	-	ol9_x86_64_u8_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691