ELSA-2026-38511

ELSA-2026-38511 - vim security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-14

Description


[8.2.2637-26.0.1.el9_8.10]
- Remove upstream references [Orabug: 31197557]

[2:8.2.2637-26.10]
- RHEL-186659 CVE-2026-47162 vim: code injection via
NetrwBookHistSave()

[2:8.2.2637-26.9]
- RHEL-186646 CVE-2026-52858 vim: possible code execution with
python3complete

[2:8.2.2637-26.8]
- RHEL-185874 CVE-2026-47167 vim: Code Injection in cucumber filetype plugin

[2:8.2.2637-26.7]
- RHEL-178243 CVE-2026-46483 vim: command injection in tar plugin

[2:8.2.2637-26.6]
- CVE-2026-41411 vim: Command injection via backticks in tag files

[2:8.2.2637-26.5]
- RHEL-170136 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite
via path traversal bypass

[2:8.2.2637-26.4]
- Resolves: RHEL-164966 vim: arbitrary command execution via modeline sandbox bypass

[2:8.2.2637-26.3]
- Related: RHEL-159630 rebuild to build with exception target

[2:8.2.2637-26.2]
- remove -O0 from flags


Related CVEs


CVE-2026-46483
CVE-2026-47162
CVE-2026-47167
CVE-2026-52858

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_aarch64_appstream
vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_aarch64_baseos_latest
vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_aarch64_u8_baseos_patch
vim-X11-8.2.2637-26.0.1.el9_8.10.aarch64.rpm6f96a4de8dde9b637d011ce570f9b151c81d4869256d249eb1600d55d7952d9e-ol9_aarch64_appstream
vim-common-8.2.2637-26.0.1.el9_8.10.aarch64.rpm55d6637604b6d4cca38d6454f8edad3f9f5033462c34b87a9a2da4a0236320da-ol9_aarch64_appstream
vim-enhanced-8.2.2637-26.0.1.el9_8.10.aarch64.rpm82021ac57720268f48bee3a9aafa36ce98560339316b14533a2475a324dbfb94-ol9_aarch64_appstream
vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm89551a6d49a8ff5d6001617dfe287be63663046eed53dcf122aee243ccb4fb25-ol9_aarch64_baseos_latest
vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm89551a6d49a8ff5d6001617dfe287be63663046eed53dcf122aee243ccb4fb25-ol9_aarch64_u8_baseos_patch
vim-minimal-8.2.2637-26.0.1.el9_8.10.aarch64.rpm1fd2cbe3772252a71d5928f7a863ba257c5a2fa9876028d83e62e8cfd4c99c3f-ol9_aarch64_baseos_latest
vim-minimal-8.2.2637-26.0.1.el9_8.10.aarch64.rpm1fd2cbe3772252a71d5928f7a863ba257c5a2fa9876028d83e62e8cfd4c99c3f-ol9_aarch64_u8_baseos_patch
Oracle Linux 9 (x86_64) vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_x86_64_appstream
vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_x86_64_baseos_latest
vim-8.2.2637-26.0.1.el9_8.10.src.rpm1675078f957ce0a0c7b9063b9d8484adb9a957ec52d49de73a095419fd880379-ol9_x86_64_u8_baseos_patch
vim-X11-8.2.2637-26.0.1.el9_8.10.x86_64.rpmfac3ef8151d85e726d216ff06d7c2bb5bc785f304985272e10256b68a9ad1fc0-ol9_x86_64_appstream
vim-common-8.2.2637-26.0.1.el9_8.10.x86_64.rpmc7c0c945197a559b7d3e9af359877e9db3961b8964f4aef18f5e695e2aea860b-ol9_x86_64_appstream
vim-enhanced-8.2.2637-26.0.1.el9_8.10.x86_64.rpmffaf2e6ac3f7d5327b48efe407d49a53212aab474286ea23295ed4704eb6c6fd-ol9_x86_64_appstream
vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm89551a6d49a8ff5d6001617dfe287be63663046eed53dcf122aee243ccb4fb25-ol9_x86_64_baseos_latest
vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm89551a6d49a8ff5d6001617dfe287be63663046eed53dcf122aee243ccb4fb25-ol9_x86_64_u8_baseos_patch
vim-minimal-8.2.2637-26.0.1.el9_8.10.x86_64.rpm0584a232f2a3fe25d29f9b3b77c856cf516f5a970cd9d1aa4a9812edcdc5636c-ol9_x86_64_baseos_latest
vim-minimal-8.2.2637-26.0.1.el9_8.10.x86_64.rpm0584a232f2a3fe25d29f9b3b77c856cf516f5a970cd9d1aa4a9812edcdc5636c-ol9_x86_64_u8_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete