Red Hat Product Errata RHSA-2026:11635 - Security Advisory Issued: 2026-04-29 Updated: 2026-04-29 RHSA-2026:11635 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM PackageKit-1.1.12-8.el8_10.src.rpm SHA-256: b1fb2021d7b0e3542927528e3c28b93657aa2facc9a9ba8d29cda7f7c23d7440 x86_64 PackageKit-1.1.12-8.el8_10.x86_64.rpm SHA-256: 67cfbf0d8337bab34b772caa8e66573573ecd8d8fb2f457ed78c2a43739314a6 PackageKit-command-not-found-1.1.12-8.el8_10.x86_64.rpm SHA-256: c11f7ea57c35b6f45a709642f219a5fb0f945e5340231d2ebf31e9ea162958a7 PackageKit-command-not-found-debuginfo-1.1.12-8.el8_10.i686.rpm SHA-256: ede9145bf800965eaacff46c65c676928d4afdc2b31409c7489b414ff9dffa5b PackageKit-command-not-found-debuginfo-1.1.12-8.el8_10.x86_64.rpm SHA-256: e7ae1272b43d0d55fdefaab15353e09c14c3d19326a47c24377e5659710ffe9f PackageKit-cron-1.1.12-8.el8_10.x86_64.rpm SHA-256: 219b6eef8c8ec9ff418ed492f015dd85f103e582445b0964161a74e223519644 PackageKit-debuginfo-1.1.12-8.el8_10.i686.rpm SHA-256: 62f11efba0dafc733b0250c851be35a23d672d4cf01c14b85267008eb178b5be PackageKit-debuginfo-1.1.12-8.el8_10.x86_64.rpm SHA-256: dffeae467b8abffb9eac489db92abfe23b5e746842240aa8e8c9fd06b9e5ec33 PackageKit-debugsource-1.1.12-8.el8_10.i686.rpm SHA-256: 9e169c9ebab8cafec193fd8c664b347d032a123d6696a9c7167d9c2d4830adf5 PackageKit-debugsource-1.1.12-8.el8_10.x86_64.rpm SHA-256: 4a888a4dbdf940cd8e1a5291bf0b1dcb43b0b40c9298adceab688c2e74ad3649 PackageKit-glib-1.1.12-8.el8_10.i686.rpm SHA-256: eb7a34ac3e3a3173f622902e9197c4171f0e0c35cda8d1d49dcebf23addbdd7b PackageKit-glib-1.1.12-8.el8_10.x86_64.rpm SHA-256: b85b9a6150c8c062ad80ef0558d5950d5cbf75f7d57a770388bfda7d5cd8bf60 PackageKit-glib-debuginfo-1.1.12-8.el8_10.i686.rpm SHA-256: 9edf18ec74db2864e993dd2283232db38e14919b5a64f8acf158e7b58a60332a PackageKit-glib-debuginfo-1.1.12-8.el8_10.x86_64.rpm SHA-256: 2b108622d29ba3ebfb01d3c9bf9190b021c436ea7d3af6c941e3a30215b1dd59 PackageKit-gstreamer-plugin-1.1.12-8.el8_10.x86_64.rpm SHA-256: 77666b051678ebc12dca6633998b1f27398e88fe0dea693a7682d34b168e4f24 PackageKit-gstreamer-plugin-debuginfo-1.1.12-8.el8_10.i686.rpm SHA-256: 570bf9e4628d02b696c268f57bcc404f4596e2301a893a0777b03416d874abb4 PackageKit-gstreamer-plugin-debuginfo-1.1.12-8.el8_10.x86_64.rpm SHA-256: be2f090faec30f5859bb4a008702b80c6b03f3a6acba4835d6c80d913ee1bdd0 PackageKit-gtk3-module-1.1.12-8.el8_10.i686.rpm SHA-256: 2711c950ca4a0366152ce8fd587396ed93e8f520478bd87de4b29e976b50a405 PackageKit-gtk3-module-1.1.12-8.el8_10.x86_64.rpm SHA-256: c56615b4baf86071cc8fd59f071b740099620c2d98c843954e8ac187b76724f4 PackageKit-gtk3-module-debuginfo-1.1.12-8.el8_10.i686.rpm SHA-256: 1b10e66caa7f973c67bc583d9e12d38e317a91121a34a2740b71c2a40517f629 PackageKit-gtk3-module-debuginfo-1.1.12-8.el8_10.x86_64.rpm SHA-256: 998d6f7d2563bebd75896883cd464c31a28899b6eaf0f71d1e897d9d0719a0a3 Red Hat Enterprise Linux for IBM z Systems 8 SRPM PackageKit-1.1.12-8.el8_10.src.rpm SHA-256: b1fb2021d7b0e3542927528e3c28b93657aa2facc9a9ba8d29cda7f7c23d7440 s390x PackageKit-1.1.12-8.el8_10.s390x.rpm SHA-256: 40c18ae91bf6179f72eb12f76de03871c36a2f5f904f1f313d091e076b6b9ab8 PackageKit-command-not-found-1.1.12-8.el8_10.s390x.rpm SHA-256: 98abc1e8e9a508cea2297e0577a8bcf2c6d69773297381fab6852b84b5ca33b6 PackageKit-command-not-found-debuginfo-1.1.12-8.el8_10.s390x.rpm SHA-256: dec21c43c6d01b5e116e70093de97cdd5d527ef5c70fcf75e53eb3a91306f2a1 PackageKit-cron-1.1.12-8.el8_10.s390x.rpm SHA-256: 7678b9ec8d7c13ac0ad4929eac82b95cbae388fd27521bdf63281731fe16fb51 PackageKit-debuginfo-1.1.12-8.el8_10.s390x.rpm SHA-256: a7e2a1f935904587e5e48796fc3fdc4888a82711dbb92935567ae0b029517490 PackageKit-debugsource-1.1.12-8.el8_10.s390x.rpm SHA-256: cbe0164b50fb0d99de4d76008c218453fbae4e48587ec187f83c6311db85582a PackageKit-glib-1.1.12-8.el8_10.s390x.rpm SHA-256: 8d0444746eee37b7f653345b6aec6f9422b851aed002f45c4fe08a379695c485 PackageKit-glib-debuginfo-1.1.12-8.el8_10.s390x.rpm SHA-256: bf700d5ddc435e00ca7577dbdd108b8da05d5bc8a1659220a0f9e654c574b970 PackageKit-gstreamer-plugin-1.1.12-8.el8_10.s390x.rpm SHA-256: d03246269b80dfff8245bb1cd686d4af0a2be67e3f89be3c7c06f3bcd77db533 PackageKit-gstreamer-plugin-debuginfo-1.1.12-8.el8_10.s390x.rpm SHA-256: 672dd29c276bfd6bf3023c9e18dd55914e9d0ac196f83716bdba94c182366cd1 PackageKit-gtk3-module-1.1.12-8.el8_10.s390x.rpm SHA-256: 0ef83355a2528cef5a37b29f0ed3c1f1cf1875ebbe16345cb64976ebc2181ee9 PackageKit-gtk3-module-debuginfo-1.1.12-8.el8_10.s390x.rpm SHA-256: 9a4e464f6cc397109b853df3a29b4d18a64a9ed37eebec83a4cb62055d58ad87 Red Hat Enterprise Linux for Power, little endian 8 SRPM PackageKit-1.1.12-8.el8_10.src.rpm SHA-256: b1fb2021d7b0e3542927528e3c28b93657aa2facc9a9ba8d29cda7f7c23d7440 ppc64le PackageKit-1.1.12-8.el8_10.ppc64le.rpm SHA-256: 05407ea04b122d263078722dfe119dce4a0369f682abaa92601a3886531acfa7 PackageKit-command-not-found-1.1.12-8.el8_10.ppc64le.rpm SHA-256: 740d429569be5e556c1596df15738a5dec649529d06dd6e1931ba2fbaa098e8e PackageKit-command-not-found-debuginfo-1.1.12-8.el8_10.ppc64le.rpm SHA-256: 9e66f03d4045cd5e26c9246d25545117e30beeb1027e67b14a90eeb0f4e0b7a7 PackageKit-cron-1.1.12-8.el8_10.ppc64le.rpm SHA-256: b74a66930c7dbd57267bc64812d948597336e2264b06a7b3fda2bda7697e0d6f PackageKit-debuginfo-1.1.12-8.el8_10.ppc64le.rpm SHA-256: c3048b122697c38e3941c523347dac9dc153875bb03cd0bb8082bb948c4fca89 PackageKit-debugsource-1.1.12-8.el8_10.ppc64le.rpm SHA-256: ca89d4ec8af03f38baf2254729f05ee04cb0c00c7ffa6ab81d8bcd5e6b51f01f PackageKit-glib-1.1.12-8.el8_10.ppc64le.rpm SHA-256: 8298d973a6932028666153ddb48de02eb0de8fa8f6a9fb5b75d0b1d9051c93d5 PackageKit-glib-debuginfo-1.1.12-8.el8_10.ppc64le.rpm SHA-256: ee9652be324c0935c6634ff73ceb7363c7235e0cb8a8d423e98e652501daa876 PackageKit-gstreamer-plugin-1.1.12-8.el8_10.ppc64le.rpm SHA-256: fedbd61738dc0030564d01e34d14b22d67f460ac9516f1c9445d2fb2a540c356 PackageKit-gstreamer-plugin-debuginfo-1.1.12-8.el8_10.ppc64le.rpm SHA-256: c7409984aa740f8bc4979fadb67f322d517e3e1b4d773edeea2c29be82eb0e64 PackageKit-gtk3-module-1.1.12-8.el8_10.ppc64le.rpm SHA-256: dbe06b56b745a9f0e7f5639d4ba81f243e179a87834a2323e459bc025bd1a438 PackageKit-gtk3-module-debuginfo-1.1.12-8.el8_10.ppc64le.rpm SHA-256: 206caa92290c0c332946a878f0e9190991c1724cb745edc71b0c4637ff28854f Red Hat Enterprise Linux for ARM 64 8 SRPM PackageKit-1.1.12-8.el8_10.src.rpm SHA-256: b1fb2021d7b0e3542927528e3c28b93657aa2facc9a9ba8d29cda7f7c23d7440 aarch64 PackageKit-1.1.12-8.el8_10.aarch64.rpm SHA-256: c90cc423313c1efc8f56f12126b5315edae2bd56f7ac0c9141490961c0e60088 PackageKit-command-not-found-1.1.12-8.el8_10.aarch64.rpm SHA-256: 4e2d7e04214303b66862e4ffa3e20a80f88bab6e3038af85df9b886a03b90bdd PackageKit-command-not-found-debuginfo-1.1.12-8.el8_10.aarch64.rpm SHA-256: 5fe9efd57b9aeb65dd3ed174fb5cba115af1b484328c96a1351609ef85b4ee4c PackageKit-cron-1.1.12-8.el8_10.aarch64.rpm SHA-256: f18d787e43e1b1b7470e5dcc38b992d7bd92e697fb53f8d78a5f09238bb6c018 PackageKit-debuginfo-1.1.12-8.el8_10.aarch64.rpm SHA-256: 54e11cb241cd207acc79dc64cf3042b51bb3c534d3ac00bc7de856f328836fd2 PackageKit-debugsource-1.1.12-8.el8_10.aarch64.rpm SHA-256: 36f50725207dced808ee2e1df26d8fda201d15e3a023be276db491b8c0900d47 PackageKit-glib-1.1.12-8.el8_10.aarch64.rpm SHA-256: 994ea293e72a552092aa0aec670ef4a48b55bdf819e923ab9c7be8f7b9da964f PackageKit-glib-debuginfo-1.1.12-8.el8_10.aarch64.rpm SHA-256: 411bbfc4c995d9e0728377209afa3955609d41f730226ff01d70cf13f9b78672 PackageKit-gstreamer-plugin-1.1.12-8.el8_10.aarch64.rpm SHA-256: 1e9a556fb9b5a85bc249a4dc104e869a77ac6400b39d1305beb20559ad7713ef PackageKit-gstreamer-plugin-debuginfo-1.1.12-8.el8_10.aarch64.rpm SHA-256: 1def0523b24bf63027991ad30cf407764dc3811f3b41751a45ba7a6c6bd097bf PackageKit-gtk3-module-1.1.12-8.el8_10.aarch64.rpm SHA-256: 645ee7e837321e3018df647f65bab