
Oracle has released several security advisories, all rated Important, for Oracle Linux versions 8, 9, and 10 to address multiple vulnerabilities across key software packages. These patches fix flaws in widely used components such as Grafana, vim, PackageKit, sudo, and the X.Org X server that could otherwise let attackers run arbitrary commands or gain elevated privileges. System administrators can download the corrected RPM files for both x86_64 and aarch64 architectures directly from the Unbreakable Linux Network to keep their infrastructure secure. Each notice lists the resolved CVE identifiers alongside the package changelog, so teams can see exactly which updates are needed to close these security gaps before exploitation occurs.

ELSA-2026-11712 Important: Oracle Linux 10 grafana security update
ELSA-2026-11711 Important: Oracle Linux 9 grafana security update
ELSA-2026-11704 Important: Oracle Linux 9 grafana-pcp security update
ELSA-2026-11510 Important: Oracle Linux 9 vim security update
ELSA-2026-11504 Important: Oracle Linux 9 PackageKit security update
ELSA-2026-11514 Important: Oracle Linux 8 grafana-pcp security update
ELSA-2026-11692 Important: Oracle Linux 8 xorg-x11-server security update
ELSA-2026-11507 Important: Oracle Linux 8 grafana security update
ELSA-2026-11635 Important: Oracle Linux 8 PackageKit security update
ELSA-2026-11521 Important: Oracle Linux 8 sudo security update
ELSA-2026-11509 Important: Oracle Linux 8 vim security update




ELSA-2026-11712 Important: Oracle Linux 10 grafana security update


Oracle Linux Security Advisory ELSA-2026-11712

http://linux.oracle.com/errata/ELSA-2026-11712.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-25.el10_1.x86_64.rpm
grafana-selinux-10.2.6-25.el10_1.x86_64.rpm

aarch64:
grafana-10.2.6-25.el10_1.aarch64.rpm
grafana-selinux-10.2.6-25.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/grafana-10.2.6-25.el10_1.src.rpm

Related CVEs:

CVE-2026-32282
CVE-2026-32283

Description of changes:

[10.2.6-25]
- Resolves RHEL-166432: CVE-2026-32282
- Resolves RHEL-167473: CVE-2026-32283



ELSA-2026-11711 Important: Oracle Linux 9 grafana security update


Oracle Linux Security Advisory ELSA-2026-11711

http://linux.oracle.com/errata/ELSA-2026-11711.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-21.el9_7.x86_64.rpm
grafana-selinux-10.2.6-21.el9_7.x86_64.rpm

aarch64:
grafana-10.2.6-21.el9_7.aarch64.rpm
grafana-selinux-10.2.6-21.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/grafana-10.2.6-21.el9_7.src.rpm

Related CVEs:

CVE-2026-32282
CVE-2026-32283

Description of changes:

[10.2.6-21]
- Resolves RHEL-166655: CVE-2026-32282
- Resolves RHEL-167660: CVE-2026-32283



ELSA-2026-11704 Important: Oracle Linux 9 grafana-pcp security update


Oracle Linux Security Advisory ELSA-2026-11704

http://linux.oracle.com/errata/ELSA-2026-11704.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.1.1-14.el9_7.x86_64.rpm

aarch64:
grafana-pcp-5.1.1-14.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/grafana-pcp-5.1.1-14.el9_7.src.rpm

Related CVEs:

CVE-2026-32282
CVE-2026-32283

Description of changes:

[5.1.1-14]
- Resolves RHEL-166656: CVE-2026-32282
- Resolves RHEL-167661: CVE-2026-32283



ELSA-2026-11510 Important: Oracle Linux 9 vim security update


Oracle Linux Security Advisory ELSA-2026-11510

http://linux.oracle.com/errata/ELSA-2026-11510.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.2.2637-23.0.1.el9_7.3.x86_64.rpm
vim-common-8.2.2637-23.0.1.el9_7.3.x86_64.rpm
vim-enhanced-8.2.2637-23.0.1.el9_7.3.x86_64.rpm
vim-filesystem-8.2.2637-23.0.1.el9_7.3.noarch.rpm
vim-minimal-8.2.2637-23.0.1.el9_7.3.x86_64.rpm

aarch64:
vim-X11-8.2.2637-23.0.1.el9_7.3.aarch64.rpm
vim-common-8.2.2637-23.0.1.el9_7.3.aarch64.rpm
vim-enhanced-8.2.2637-23.0.1.el9_7.3.aarch64.rpm
vim-filesystem-8.2.2637-23.0.1.el9_7.3.noarch.rpm
vim-minimal-8.2.2637-23.0.1.el9_7.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/vim-8.2.2637-23.0.1.el9_7.3.src.rpm

Related CVEs:

CVE-2026-34982

Description of changes:

[8.2.2637-23.0.1.el9_7.3]
- Remove upstream references [Orabug: 31197557]

[2:8.2.2637-23.3]
- Resolves: RHEL-164965 vim: arbitrary command execution via modeline sandbox bypass

[2:8.2.2637-23.2]
- RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
- RHEL-155422 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
- RHEL-159629 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function

[2:8.2.2637-23.1]
- RHEL-147940 CVE-2026-25749 vim: Heap Overflow in Vim



ELSA-2026-11504 Important: Oracle Linux 9 PackageKit security update


Oracle Linux Security Advisory ELSA-2026-11504

http://linux.oracle.com/errata/ELSA-2026-11504.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
PackageKit-1.2.6-2.0.1.el9_7.x86_64.rpm
PackageKit-command-not-found-1.2.6-2.0.1.el9_7.x86_64.rpm
PackageKit-glib-1.2.6-2.0.1.el9_7.i686.rpm
PackageKit-glib-1.2.6-2.0.1.el9_7.x86_64.rpm
PackageKit-glib-devel-1.2.6-2.0.1.el9_7.i686.rpm
PackageKit-glib-devel-1.2.6-2.0.1.el9_7.x86_64.rpm
PackageKit-gstreamer-plugin-1.2.6-2.0.1.el9_7.x86_64.rpm
PackageKit-gtk3-module-1.2.6-2.0.1.el9_7.x86_64.rpm

aarch64:
PackageKit-1.2.6-2.0.1.el9_7.aarch64.rpm
PackageKit-command-not-found-1.2.6-2.0.1.el9_7.aarch64.rpm
PackageKit-glib-1.2.6-2.0.1.el9_7.aarch64.rpm
PackageKit-glib-devel-1.2.6-2.0.1.el9_7.aarch64.rpm
PackageKit-gstreamer-plugin-1.2.6-2.0.1.el9_7.aarch64.rpm
PackageKit-gtk3-module-1.2.6-2.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/PackageKit-1.2.6-2.0.1.el9_7.src.rpm

Related CVEs:

CVE-2026-41651

Description of changes:

[1.2.6-2.0.1]
- remove RHEL vendor patch PackageKit-0.3.8-RHEL-Vendor.conf.patch

[1.2.6-2]
- Backport fix for CVE-2026-41651.
- Resolves: #RHEL-170502



ELSA-2026-11514 Important: Oracle Linux 8 grafana-pcp security update


Oracle Linux Security Advisory ELSA-2026-11514

http://linux.oracle.com/errata/ELSA-2026-11514.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.1.1-14.el8_10.x86_64.rpm

aarch64:
grafana-pcp-5.1.1-14.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/grafana-pcp-5.1.1-14.el8_10.src.rpm

Related CVEs:

CVE-2026-32280
CVE-2026-32282
CVE-2026-32283

Description of changes:

[5.1.1-14]
- Resolves RHEL-166520: CVE-2026-32282
- Resolves RHEL-167381: CVE-2026-32280
- Resolves RHEL-167543: CVE-2026-32283



ELSA-2026-11692 Important: Oracle Linux 8 xorg-x11-server security update


Oracle Linux Security Advisory ELSA-2026-11692

http://linux.oracle.com/errata/ELSA-2026-11692.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-common-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.i686.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.x86_64.rpm
xorg-x11-server-source-1.20.11-28.el8_10.noarch.rpm

aarch64:
xorg-x11-server-Xdmx-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-common-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.aarch64.rpm
xorg-x11-server-source-1.20.11-28.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/xorg-x11-server-1.20.11-28.el8_10.src.rpm

Related CVEs:

CVE-2026-33999
CVE-2026-34001
CVE-2026-34003

Description of changes:

[1.20.11-28]
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001,
  CVE-2026-34002, CVE-2026-34003
  Resolves: https://redhat.atlassian.net/browse/RHEL-163216
  Resolves: https://redhat.atlassian.net/browse/RHEL-163298
  Resolves: https://redhat.atlassian.net/browse/RHEL-163229



ELSA-2026-11507 Important: Oracle Linux 8 grafana security update


Oracle Linux Security Advisory ELSA-2026-11507

http://linux.oracle.com/errata/ELSA-2026-11507.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-9.2.10-30.0.1.el8_10.x86_64.rpm
grafana-selinux-9.2.10-30.0.1.el8_10.x86_64.rpm

aarch64:
grafana-9.2.10-30.0.1.el8_10.aarch64.rpm
grafana-selinux-9.2.10-30.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/grafana-9.2.10-30.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-32280
CVE-2026-32282
CVE-2026-32283

Description of changes:

[9.2.10-30.0.1]
- Fixes CVE-2024-1442 Add email verification when updating user email [Orabug: 38550520]

[9.2.10-30]
- Resolves RHEL-166519: CVE-2026-32282
- Resolves RHEL-167380: CVE-2026-32280
- Resolves RHEL-167542: CVE-2026-32283



ELSA-2026-11635 Important: Oracle Linux 8 PackageKit security update


Oracle Linux Security Advisory ELSA-2026-11635

http://linux.oracle.com/errata/ELSA-2026-11635.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
PackageKit-1.1.12-8.0.1.el8_10.i686.rpm
PackageKit-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-command-not-found-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-cron-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-glib-1.1.12-8.0.1.el8_10.i686.rpm
PackageKit-glib-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-glib-devel-1.1.12-8.0.1.el8_10.i686.rpm
PackageKit-glib-devel-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-gstreamer-plugin-1.1.12-8.0.1.el8_10.x86_64.rpm
PackageKit-gtk3-module-1.1.12-8.0.1.el8_10.i686.rpm
PackageKit-gtk3-module-1.1.12-8.0.1.el8_10.x86_64.rpm

aarch64:
PackageKit-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-command-not-found-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-cron-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-glib-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-glib-devel-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-gstreamer-plugin-1.1.12-8.0.1.el8_10.aarch64.rpm
PackageKit-gtk3-module-1.1.12-8.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/PackageKit-1.1.12-8.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-41651

Description of changes:

[1.1.12-8.0.1]
- removed rhel-Vendor.conf.patch

[1.1.12-8]
- Backport fix for CVE-2026-41651.
- Resolves: #RHEL-170493



ELSA-2026-11521 Important: Oracle Linux 8 sudo security update


Oracle Linux Security Advisory ELSA-2026-11521

http://linux.oracle.com/errata/ELSA-2026-11521.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
sudo-1.9.5p2-1.0.1.el8_10.5.x86_64.rpm

aarch64:
sudo-1.9.5p2-1.0.1.el8_10.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/sudo-1.9.5p2-1.0.1.el8_10.5.src.rpm

Related CVEs:

CVE-2026-35535

Description of changes:

[1.9.5p2-1.0.1.el8_10.5]
- Fixes sudo -s unclosed sessions when use_pty option used [Orabug: 36952911]

[1.9.5p2-1.5]
RHEL 8.10.0.Z ERRATUM
- CVE-2026-35535 - Privilege escalation due to failure in privilege drop calls
Resolves: RHEL-166060

[1.9.5p2-1.3]
RHEL 8.10.0.Z ERRATUM
- sudo passes SHELL environment variable twice to the shell being executed [rhel-8]
Resolves: RHEL-127360

[1.9.5p2-1.2]
RHEL 8.10.0.Z ERRATUM
- Reintroduce cmnd_no_wait
Resolves: RHEL-51956
- Missing separator in the log
Resolves: RHEL-71913

[1.9.5p2-1.1]
RHEL 8.10.0.Z ERRATUM
- CVE-2025-32462 sudo: LPE via host option
Resolves: RHEL-100014



ELSA-2026-11509 Important: Oracle Linux 8 vim security update


Oracle Linux Security Advisory ELSA-2026-11509

http://linux.oracle.com/errata/ELSA-2026-11509.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-8.0.1763-22.0.1.el8_10.3.x86_64.rpm
vim-common-8.0.1763-22.0.1.el8_10.3.x86_64.rpm
vim-enhanced-8.0.1763-22.0.1.el8_10.3.x86_64.rpm
vim-filesystem-8.0.1763-22.0.1.el8_10.3.noarch.rpm
vim-minimal-8.0.1763-22.0.1.el8_10.3.x86_64.rpm

aarch64:
vim-X11-8.0.1763-22.0.1.el8_10.3.aarch64.rpm
vim-common-8.0.1763-22.0.1.el8_10.3.aarch64.rpm
vim-enhanced-8.0.1763-22.0.1.el8_10.3.aarch64.rpm
vim-filesystem-8.0.1763-22.0.1.el8_10.3.noarch.rpm
vim-minimal-8.0.1763-22.0.1.el8_10.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-22.0.1.el8_10.3.src.rpm

Related CVEs:

CVE-2026-34982

Description of changes:

[8.0.1763-22.0.1.el8_10.3]
- Remove upstream references [Orabug: 31197557]
- Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984]

[2:8.0.1763-22.3]
- Relates: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass

[2:8.0.1763-22.2]
- Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass

[2:8.0.1763-22.1]
- RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
- RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
- RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file