Oracle alert ELSA-2026-11389 (vim)

From:
               Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To:
               el-errata@oss.oracle.com
Subject:
               [El-errata] ELSA-2026-11389 Important: Oracle Linux 10 vim security update
Date:
               Wed, 29 Apr 2026 03:32:54 -0700
Message-ID:
               <mailman.63.1777458788.33.el-errata@oss.oracle.com>
Oracle Linux Security Advisory ELSA-2026-11389

http://linux.oracle.com/errata/ELSA-2026-11389.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux
Network:

x86_64:
vim-X11-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-common-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-data-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.4.x86_64.rpm
xxd-9.1.083-6.0.1.el10_1.4.x86_64.rpm

aarch64:
vim-X11-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-common-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-data-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.4.aarch64.rpm
xxd-9.1.083-6.0.1.el10_1.4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/vim-9.1.083-6.0....

Related CVEs:

CVE-2026-34982

Description of changes:

[9.1.083-6.0.1.el10_1.4]
- Remove upstream references [Orabug: 31197557]

[2:9.1.083-6.4]
- Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass

[2:9.1.083-6.3]
- RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob()
function

[2:9.1.083-6.2]
- RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted
swap file

[2:9.1.083-6.2]
- RHEL-155425 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the
netrw plugin

[2:9.1.083-6.1]
- RHEL-147922 CVE-2026-25749 vim: Heap Overflow in Vim

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

From:		Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To:		el-errata@oss.oracle.com
Subject:		[El-errata] ELSA-2026-11389 Important: Oracle Linux 10 vim security update
Date:		Wed, 29 Apr 2026 03:32:54 -0700
Message-ID:		<mailman.63.1777458788.33.el-errata@oss.oracle.com>