Red Hat Product Errata RHSA-2026:17558 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17558 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM PackageKit-1.1.12-6.el8_4.1.src.rpm SHA-256: 0308af38e6a3e00fcdc1da0c2533e4a788b38876ed4af876f708fe4c6a79c714 x86_64 PackageKit-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 131bb48cc68a950ae4115e893071e6d54601f1fa882c404621f93536d46c8268 PackageKit-command-not-found-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: ced9543e197590b7b9bb7aab7c0f84a85ebcc93373e80466d0615e64b074ef7c PackageKit-command-not-found-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 35440a44ac3002e582f155cf96b3533d2c3284663c6c19cbdece8a7028d3c892 PackageKit-command-not-found-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 2316d6ffff620c29f4096f0916872a57eedc70952b9c7bc27383cbd4b9c1e2a6 PackageKit-cron-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: ad4deed2d42e12e961cb50a9be9238cbcb29938db95ae04744c9da0fd417f4ef PackageKit-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 999d754891d9e6a5671bdeb38b179b38efed7cd2ff40fce1853b77b8679a5a85 PackageKit-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 78c61b701ae2148170ca98da51896d60053af88cf1d6d26c0069f024fc48a58d PackageKit-debugsource-1.1.12-6.el8_4.1.i686.rpm SHA-256: 7aa878ccf28d5faa5c505109d6cedd93acb04d8f78e5ee1f055de580ef3a1826 PackageKit-debugsource-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 67adf323adc48b719c18899e0992f8c230a5c7f97f99108ad6f6f3fca115e330 PackageKit-glib-1.1.12-6.el8_4.1.i686.rpm SHA-256: 774bae2bcad6de5bcca1a1fc603a291dca46219b746c4f1d8ffe8b102cba415c PackageKit-glib-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 41fbee9b19d3d4b6a7212cfea133625b951913a2773f057595b39792919824c1 PackageKit-glib-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 9187582175691d3735805017327734fb2d9d3642a22a24d84826b3ed30fa5434 PackageKit-glib-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: b4a38dbdaad8059370c6eef0d8b4de6ad91f2b2c906b4bf06614b8ae12fb58db PackageKit-gstreamer-plugin-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 17c0bbbd482469f340674613bc87bce0ba262d010d31c3bf8550c5c84b5736db PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 88054133d93e6db07f3c2ae5d89685a2824ca1188a7b2d0ce82c4271d3ccab3a PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: b90f0c2659c673b197bd163e32ae8e4426ae1db2033fd88a689ce26903cbd7d6 PackageKit-gtk3-module-1.1.12-6.el8_4.1.i686.rpm SHA-256: 0820b57c0f9a49362907609f2cdd45286363a572a4712db7d59b819918911e9b PackageKit-gtk3-module-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 7420625ec8a80a1c78fa4c75e419ef8369750840393f019797e765901ab32b9e PackageKit-gtk3-module-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 698ca04d0b27191fe855e80046a9f6f9423eaa06ee693d4f1aea0bca62da8816 PackageKit-gtk3-module-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 1e56a1f8211b6dd17a89abaf19efbc1c6aff79e1af03c963991a3effc5a0e2d8 Red Hat Enterprise Linux Server - AUS 8.4 SRPM PackageKit-1.1.12-6.el8_4.1.src.rpm SHA-256: 0308af38e6a3e00fcdc1da0c2533e4a788b38876ed4af876f708fe4c6a79c714 x86_64 PackageKit-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 131bb48cc68a950ae4115e893071e6d54601f1fa882c404621f93536d46c8268 PackageKit-command-not-found-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: ced9543e197590b7b9bb7aab7c0f84a85ebcc93373e80466d0615e64b074ef7c PackageKit-command-not-found-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 35440a44ac3002e582f155cf96b3533d2c3284663c6c19cbdece8a7028d3c892 PackageKit-command-not-found-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 2316d6ffff620c29f4096f0916872a57eedc70952b9c7bc27383cbd4b9c1e2a6 PackageKit-cron-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: ad4deed2d42e12e961cb50a9be9238cbcb29938db95ae04744c9da0fd417f4ef PackageKit-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 999d754891d9e6a5671bdeb38b179b38efed7cd2ff40fce1853b77b8679a5a85 PackageKit-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 78c61b701ae2148170ca98da51896d60053af88cf1d6d26c0069f024fc48a58d PackageKit-debugsource-1.1.12-6.el8_4.1.i686.rpm SHA-256: 7aa878ccf28d5faa5c505109d6cedd93acb04d8f78e5ee1f055de580ef3a1826 PackageKit-debugsource-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 67adf323adc48b719c18899e0992f8c230a5c7f97f99108ad6f6f3fca115e330 PackageKit-glib-1.1.12-6.el8_4.1.i686.rpm SHA-256: 774bae2bcad6de5bcca1a1fc603a291dca46219b746c4f1d8ffe8b102cba415c PackageKit-glib-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 41fbee9b19d3d4b6a7212cfea133625b951913a2773f057595b39792919824c1 PackageKit-glib-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 9187582175691d3735805017327734fb2d9d3642a22a24d84826b3ed30fa5434 PackageKit-glib-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: b4a38dbdaad8059370c6eef0d8b4de6ad91f2b2c906b4bf06614b8ae12fb58db PackageKit-gstreamer-plugin-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 17c0bbbd482469f340674613bc87bce0ba262d010d31c3bf8550c5c84b5736db PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 88054133d93e6db07f3c2ae5d89685a2824ca1188a7b2d0ce82c4271d3ccab3a PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: b90f0c2659c673b197bd163e32ae8e4426ae1db2033fd88a689ce26903cbd7d6 PackageKit-gtk3-module-1.1.12-6.el8_4.1.i686.rpm SHA-256: 0820b57c0f9a49362907609f2cdd45286363a572a4712db7d59b819918911e9b PackageKit-gtk3-module-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 7420625ec8a80a1c78fa4c75e419ef8369750840393f019797e765901ab32b9e PackageKit-gtk3-module-debuginfo-1.1.12-6.el8_4.1.i686.rpm SHA-256: 698ca04d0b27191fe855e80046a9f6f9423eaa06ee693d4f1aea0bca62da8816 PackageKit-gtk3-module-debuginfo-1.1.12-6.el8_4.1.x86_64.rpm SHA-256: 1e56a1f8211b6dd17a89abaf19efbc1c6aff79e1af03c963991a3effc5a0e2d8 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .