This security update for the `rhc-worker-playbook` component addresses two vulnerabilities: CVE-2026-27137, an incorrect enforcement of email constraints in the `crypto/x509` library, and CVE-2026-25679, an incorrect parsing of IPv6 host literals in the `net/url` library. The advisory is rated Important, though specific CVSS scores are not provided in the summary text. The fix is contained in version `0.2.3-4.el10_1` for Red Hat Enterprise Linux 10 across all supported architectures.
Red Hat Product Errata RHSA-2026:10169 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10169 - Security Advisory Overview Updated Packages Synopsis Important: rhc-worker-playbook security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fix(es): crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509 BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 CVE-2026-27137 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM rhc-worker-playbook-0.2.3-4.el10_1.src.rpm SHA-256: 343b549634dc48fe89eb0c0c36e3f741b5d09cabf401e908cb0f801def41ba31 x86_64 rhc-worker-playbook-0.2.3-4.el10_1.x86_64.rpm SHA-256: 8c3a4cd1c430e15a76774a841f26f68f55539e192113ff496eca326300a5d7fe rhc-worker-playbook-debuginfo-0.2.3-4.el10_1.x86_64.rpm SHA-256: 35ec72959fce4215b64f050fb24d0275d8d4338ca21af9c0e6064a56bf97d323 rhc-worker-playbook-debugsource-0.2.3-4.el10_1.x86_64.rpm SHA-256: 1354a1fe460374d8a207eca3b0389df3834c541f7e5304d3585ce7c33ac412e1 Red Hat Enterprise Linux for IBM z Systems 10 SRPM rhc-worker-playbook-0.2.3-4.el10_1.src.rpm SHA-256: 343b549634dc48fe89eb0c0c36e3f741b5d09cabf401e908cb0f801def41ba31 s390x rhc-worker-playbook-0.2.3-4.el10_1.s390x.rpm SHA-256: 481b7c6949a148020f45b08260ff19ce92f0ae9d3aec10498518268fe69f27bb rhc-worker-playbook-debuginfo-0.2.3-4.el10_1.s390x.rpm SHA-256: 5f818cc07d6b19088357272c0f8bb3116e2a583dd4c46f88cfdbc5dc398ec4c3 rhc-worker-playbook-debugsource-0.2.3-4.el10_1.s390x.rpm SHA-256: a958648e52164949b1a8b77c676795bbd3bec067cf8d9b2aaddd20b090d64cd6 Red Hat Enterprise Linux for Power, little endian 10 SRPM rhc-worker-playbook-0.2.3-4.el10_1.src.rpm SHA-256: 343b549634dc48fe89eb0c0c36e3f741b5d09cabf401e908cb0f801def41ba31 ppc64le rhc-worker-playbook-0.2.3-4.el10_1.ppc64le.rpm SHA-256: a3ff87270ffb62934b3f8ffcca1b5747ce01fea40bc4586e5eedaa2177b27e95 rhc-worker-playbook-debuginfo-0.2.3-4.el10_1.ppc64le.rpm SHA-256: 9a33eebc35056ec1f6374b2bb71e3df7838d8459f89364df2d34d30a6ab5d9d6 rhc-worker-playbook-debugsource-0.2.3-4.el10_1.ppc64le.rpm SHA-256: 4af7633b06e0e4ff16b891a2e8cba927ac3b307dae0ddd092e9914b10c4bfe93 Red Hat Enterprise Linux for ARM 64 10 SRPM rhc-worker-playbook-0.2.3-4.el10_1.src.rpm SHA-256: 343b549634dc48fe89eb0c0c36e3f741b5d09cabf401e908cb0f801def41ba31 aarch64 rhc-worker-playbook-0.2.3-4.el10_1.aarch64.rpm SHA-256: cbe8df68ea236ade5134102372e542f64c765da54d7dbfd4bbd2db2b9779e7f7 rhc-worker-playbook-debuginfo-0.2.3-4.el10_1.aarch64.rpm SHA-256: ecd161e0d806db5e03e6dae1d0438983f8d972c5bcaa1a9a5737436fdc998ade rhc-worker-playbook-debugsource-0.2.3-4.el10_1.aarch64.rpm SHA-256: 579c5d30110a099e4ca3c2e430b7b79197dda4be4162351adb6f68e948e5534b The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .