Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:11375: Important: yggdrasil security update

cve-2026-11375red-hat-enterprise-linuxcve-2026-25679
This vulnerability (CVE-2026-25679, CVSS 7.5 HIGH) in the Go net/url library involves incorrect parsing of IPv6 host literals, which could be exploited to manipulate URL handling. The flaw affects yggdrasil, an MQTT-to-D-Bus routing daemon, on Red Hat Enterprise Linux 10.0 Extended Update Support. According to authoritative NVD data, the underlying Go language fix is in version 1.25.8, and affected systems should apply the provided Red Hat security update for yggdrasil.
Read Full Article →

Red Hat Product Errata RHSA-2026:11375 - Security Advisory Issued: 2026-04-28 Updated: 2026-04-28 RHSA-2026:11375 - Security Advisory Overview Updated Packages Synopsis Important: yggdrasil security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for yggdrasil is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 x86_64 yggdrasil-0.4.7-3.el10_0.x86_64.rpm SHA-256: 8ba4b1c5390bfa8c880bd9a4688ad85009d3be96d047cedca54855531034387f yggdrasil-debuginfo-0.4.7-3.el10_0.x86_64.rpm SHA-256: ef77fd7f6ff6d97fccf3b8e477f13549f658f7a51974cabb4aaaa6f3d20db71a yggdrasil-debugsource-0.4.7-3.el10_0.x86_64.rpm SHA-256: d295e28cd81da94b969d806263fb35fc31977174191b59c9a9569e1792f4d911 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.x86_64.rpm SHA-256: 9c1cf71cbfec384001347e2cb6b5b106ada302a0d31819ae585a673e2d3d1c0a Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 s390x yggdrasil-0.4.7-3.el10_0.s390x.rpm SHA-256: 36ff0c4335b9bc53ee8e1509c61de9255f7d5454a8f188f9adea38b1adb5a853 yggdrasil-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 96421e80aad938ff47a6cf8ba905a500e806657478ca40757802d4527d92f82e yggdrasil-debugsource-0.4.7-3.el10_0.s390x.rpm SHA-256: 55f910cd6f077cf80b76bc13ea9137ee3d166c35c7c2346fb8b6fec035c74d2d yggdrasil-examples-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 763bdf96f84b80e2b9128b1398d496c04f3bb1a8e9e04606234175a4e8503b2e Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 ppc64le yggdrasil-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 81d66e0ac410687e3bc4076faf7c3e3fad00948ed1981552325a7fd9db69c5c7 yggdrasil-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: ebd0676754d809b68b22b9fb91c614ca20104f4aea92348510a209160b8cfc12 yggdrasil-debugsource-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 009f861fec8858b322b06d21cf19b38cbf54d5a82fa7960021566d5a95bfb9c0 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: fb8249375b1613920c5c95171a555c49164798a87ba9331502bc3ce1904e471d Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 aarch64 yggdrasil-0.4.7-3.el10_0.aarch64.rpm SHA-256: 01498824f8437bb4885b3d4b8a8079c0b3b46fd4834dbc569b7730c4ee62ab7f yggdrasil-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 31444714e36c65fbc65ca44c195a03ea0d32a8dd8ca945b3d35b29e24184fd94 yggdrasil-debugsource-0.4.7-3.el10_0.aarch64.rpm SHA-256: 223393b6d926ee69270b7d2b638bff95d048bf87f34f85053f31a36eb0ebc105 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 63e903a2a5eb06c5da8b882a3aa1832cb985ced0e563dfb577a8814b2d3c59d8 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 SRPM x86_64 yggdrasil-debuginfo-0.4.7-3.el10_0.x86_64.rpm SHA-256: ef77fd7f6ff6d97fccf3b8e477f13549f658f7a51974cabb4aaaa6f3d20db71a yggdrasil-debugsource-0.4.7-3.el10_0.x86_64.rpm SHA-256: d295e28cd81da94b969d806263fb35fc31977174191b59c9a9569e1792f4d911 yggdrasil-devel-0.4.7-3.el10_0.x86_64.rpm SHA-256: 58cc32aff06b9f7c24485a8fa96035dbfb45200b950512253e940a58885f88d3 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.x86_64.rpm SHA-256: 9c1cf71cbfec384001347e2cb6b5b106ada302a0d31819ae585a673e2d3d1c0a Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 SRPM ppc64le yggdrasil-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: ebd0676754d809b68b22b9fb91c614ca20104f4aea92348510a209160b8cfc12 yggdrasil-debugsource-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 009f861fec8858b322b06d21cf19b38cbf54d5a82fa7960021566d5a95bfb9c0 yggdrasil-devel-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 67d1f793d00060cf0c05e1dc9fdd9521500eb117f700c04ee907f82a05b6c6ab yggdrasil-examples-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: fb8249375b1613920c5c95171a555c49164798a87ba9331502bc3ce1904e471d Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 SRPM s390x yggdrasil-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 96421e80aad938ff47a6cf8ba905a500e806657478ca40757802d4527d92f82e yggdrasil-debugsource-0.4.7-3.el10_0.s390x.rpm SHA-256: 55f910cd6f077cf80b76bc13ea9137ee3d166c35c7c2346fb8b6fec035c74d2d yggdrasil-devel-0.4.7-3.el10_0.s390x.rpm SHA-256: 60bc22a4ee864663fe54f5ef51cd513fedad734d159b7a47981e82656711eb1b yggdrasil-examples-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 763bdf96f84b80e2b9128b1398d496c04f3bb1a8e9e04606234175a4e8503b2e Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 SRPM aarch64 yggdrasil-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 31444714e36c65fbc65ca44c195a03ea0d32a8dd8ca945b3d35b29e24184fd94 yggdrasil-debugsource-0.4.7-3.el10_0.aarch64.rpm SHA-256: 223393b6d926ee69270b7d2b638bff95d048bf87f34f85053f31a36eb0ebc105 yggdrasil-devel-0.4.7-3.el10_0.aarch64.rpm SHA-256: 31e32be0f247fa914a26d0155eb9ceace81e1350a7bf77b9c273c9597cd16ae1 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 63e903a2a5eb06c5da8b882a3aa1832cb985ced0e563dfb577a8814b2d3c59d8 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 aarch64 yggdrasil-0.4.7-3.el10_0.aarch64.rpm SHA-256: 01498824f8437bb4885b3d4b8a8079c0b3b46fd4834dbc569b7730c4ee62ab7f yggdrasil-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 31444714e36c65fbc65ca44c195a03ea0d32a8dd8ca945b3d35b29e24184fd94 yggdrasil-debugsource-0.4.7-3.el10_0.aarch64.rpm SHA-256: 223393b6d926ee69270b7d2b638bff95d048bf87f34f85053f31a36eb0ebc105 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.aarch64.rpm SHA-256: 63e903a2a5eb06c5da8b882a3aa1832cb985ced0e563dfb577a8814b2d3c59d8 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 s390x yggdrasil-0.4.7-3.el10_0.s390x.rpm SHA-256: 36ff0c4335b9bc53ee8e1509c61de9255f7d5454a8f188f9adea38b1adb5a853 yggdrasil-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 96421e80aad938ff47a6cf8ba905a500e806657478ca40757802d4527d92f82e yggdrasil-debugsource-0.4.7-3.el10_0.s390x.rpm SHA-256: 55f910cd6f077cf80b76bc13ea9137ee3d166c35c7c2346fb8b6fec035c74d2d yggdrasil-examples-debuginfo-0.4.7-3.el10_0.s390x.rpm SHA-256: 763bdf96f84b80e2b9128b1398d496c04f3bb1a8e9e04606234175a4e8503b2e Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 ppc64le yggdrasil-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 81d66e0ac410687e3bc4076faf7c3e3fad00948ed1981552325a7fd9db69c5c7 yggdrasil-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: ebd0676754d809b68b22b9fb91c614ca20104f4aea92348510a209160b8cfc12 yggdrasil-debugsource-0.4.7-3.el10_0.ppc64le.rpm SHA-256: 009f861fec8858b322b06d21cf19b38cbf54d5a82fa7960021566d5a95bfb9c0 yggdrasil-examples-debuginfo-0.4.7-3.el10_0.ppc64le.rpm SHA-256: fb8249375b1613920c5c95171a555c49164798a87ba9331502bc3ce1904e471d Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM yggdrasil-0.4.7-3.el10_0.src.rpm SHA-256: 4d3a90747189994cd4723a2a03de38d491cd24ab371f47918826b5005188b9d0 x86_64 yggdrasil-0.4.7-3.el10_0.x86_64.rpm SHA-256: 8ba4b1c5390bfa8c880bd9a4688ad85009d3be96d047cedca

Related Articles

HIGH RHSA-2026:19475: Important: osbuild-composer security update Red Hat Errata HIGH RHSA-2026:17075: Important: yggdrasil security update Red Hat Errata HIGH RHSA-2026:11413: Important: yggdrasil security update Red Hat Errata HIGH RHSA-2026:10701: Important: yggdrasil-worker-package-manager security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn