Red Hat Product Errata RHSA-2026:18024 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18024 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM PackageKit-1.2.4-2.el9_0.1.src.rpm SHA-256: f7740d6d4ce90eca519118be8cb0b7fa00a526764d96fa62626caf9d085c6db7 ppc64le PackageKit-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: ebd55b7a1718d666c81f3d42ceed0377de0e62e88fa2ded09c148dc85311b0f7 PackageKit-command-not-found-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: 92f11b7754fc8d9c367d43aa392742af674bbab3c7664f3195e3bb7e7147c135 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: 51f05e03e3ed91a51253d4f036b7becb0fa337802769514dec3b5045ebf0252a PackageKit-debuginfo-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: c67da32919c9ce66625e8c3087ae473a6d9e90c581038d1cd95ebfb81e3d5097 PackageKit-debugsource-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: d0b1d57bcebfdb531907a512a45113b9e421ca57911b052675e4ac4946499209 PackageKit-glib-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: c5837a5f54581205ae337050a50b8b8e4b995a650c8ba76523a64d76cf220ae0 PackageKit-glib-debuginfo-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: ca0e3f24bdef5df2bf38945c4473abc26d7f64da0dc28dcbf8e154bc33dc1887 PackageKit-gstreamer-plugin-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: 7f2dcced76dedd344b78dab3f4f72245c2958f89d91a5a17b59d8e9928b73f5a PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: 8b8051c57ac86df7b96b6d32637377e522f4b87a065fcad8c151f2155f2fb08a PackageKit-gtk3-module-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: a15e62c6b9d96f5fc7f07db9b366583431d9f21af750cdcc8479253509526021 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_0.1.ppc64le.rpm SHA-256: e0c2ca1ec50249f8ef638608809e1f710c467834d40ea38691f43325a44f62ac Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM PackageKit-1.2.4-2.el9_0.1.src.rpm SHA-256: f7740d6d4ce90eca519118be8cb0b7fa00a526764d96fa62626caf9d085c6db7 x86_64 PackageKit-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 4ee9005a3caf2614bb3b72a8c6364cd8d152e97f484bd658161aceb529c652ed PackageKit-command-not-found-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 6ede7cda64b5294cd789b2cb7120dac710b7fd525a3b72218f61c13062ae7ad5 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_0.1.i686.rpm SHA-256: ee1f07bbb22282785226cb10ef6c955775fd769af11c17a699447455c8af16f9 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 01ece782696282d8c42026f4981a4ee9febe7731dcd78864d5f9effb371a31f8 PackageKit-debuginfo-1.2.4-2.el9_0.1.i686.rpm SHA-256: 01d3de5c3c9c3fcba8a040b36adcad141bb8296eaabccdd9fa8b8d9e827bae02 PackageKit-debuginfo-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: ac09b4fb00f560377a7ad4a76f05056f426c26ce9c705cb82b27c980b7842561 PackageKit-debugsource-1.2.4-2.el9_0.1.i686.rpm SHA-256: b2317edba32110bb282c901fac1ae19c1903518d978c60765370dc5876daf07a PackageKit-debugsource-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: e48404c79691d13dce36312d38022632b8a255bcf1aa798ad7c47d86e6fddb27 PackageKit-glib-1.2.4-2.el9_0.1.i686.rpm SHA-256: 6d89931ca7a83859f94b510c887b26ab67a78f762bf8fc322ad821949f110f22 PackageKit-glib-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 7ccaebcc94687dd2a6ed462853b9d600ed8775d221cdf17aaea3628238fd88fe PackageKit-glib-debuginfo-1.2.4-2.el9_0.1.i686.rpm SHA-256: 2144aa76cfbe585f070067442e693e6fc679805b3a1fc8ee3a9918419b6eb7b0 PackageKit-glib-debuginfo-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: e6a87ecc6f8b23138023e7ee5afcb6c078a54be52e73bd10a01cad58deff4713 PackageKit-gstreamer-plugin-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 1cbdd97005eaec3dca52b4e0253fd937acb25862d1bcb958655f57902d4889e4 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_0.1.i686.rpm SHA-256: c77b2b88d9e9ece5aafd742f8b9dce34cf78de196045525e6506f459fa8e68df PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 77d56d493d9ddcac7b29c06da0848668bc2a99e8def159612a2581d7cb02c9f8 PackageKit-gtk3-module-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: 1552b98b9d52a4094be30fac8a9e90043b9d6939359cc322e2ba34892b9c6a75 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_0.1.i686.rpm SHA-256: fbc24551038b7082504a173738ff2aeaf365a8404abc6bd8fa96df4fb74c7c30 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_0.1.x86_64.rpm SHA-256: cba660f96b531becc01b4358cca211b38bde0f9a293fcc551535ce3407b660cd Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM PackageKit-1.2.4-2.el9_0.1.src.rpm SHA-256: f7740d6d4ce90eca519118be8cb0b7fa00a526764d96fa62626caf9d085c6db7 aarch64 PackageKit-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: e88d9ef71572fef4f0767a378073a09a7f33ae9c9467eae0249d78773261ccb6 PackageKit-command-not-found-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 9b0c3e2747a3e1248bb30ec7334d019963849a2138ccb8df263ce6a402851bdc PackageKit-command-not-found-debuginfo-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: a9e580f6864acb5a4785345b24a99f72d5c764b1c6dcd0b34c72404ecc7f3dcd PackageKit-debuginfo-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 40126eabc4f048840c64f9de9315578005e23eaf5796b7a114be978409899346 PackageKit-debugsource-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 206433c0edbe14c4690f50d813d460c4f04f92cd2778e0a3da90ed1759a55be5 PackageKit-glib-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 8aaf20cc8492049849036b25d87f6cce00788a9c2b5083943cac7a47b6daa7d4 PackageKit-glib-debuginfo-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 202060ab1230062dfc0a01496c1019354e84dd5e0c7243ab00b4907c3b69019e PackageKit-gstreamer-plugin-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: e33f6bd55ef89af7e6d117edf41755738b4beb45560e2bb3b251c1a32d5d7717 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: bfd569a5dc108966e1695945d22008dc1ca1d6aa7c2b75b2499256d6ad9f2cda PackageKit-gtk3-module-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 01ccf8ca06b57c6324362c6ec63f93b4f1526cd66c673cb79c3294ce15126998 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_0.1.aarch64.rpm SHA-256: 90fae7bef703b2c86de90582f5dcc4458b291b5aed284894bb0cf501a5883f28 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM PackageKit-1.2.4-2.el9_0.1.src.rpm SHA-256: f7740d6d4ce90eca519118be8cb0b7fa00a526764d96fa62626caf9d085c6db7 s390x PackageKit-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 8d4f7127ee366c435fe67ca382197c623bf81e5ced688ede9a24b738fd2041ff PackageKit-command-not-found-1.2.4-2.el9_0.1.s390x.rpm SHA-256: fec4449708c8d173816f5625959d4b7509e7d64413a8d972a66eb096cf836c48 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 6e8e9852d514f13cb9d0d81eeae789c59859507eab79eb3cf04741d2b92c6eae PackageKit-debuginfo-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 0d1d5c2e4aed7be96612d211ce3b5e3ca4260175a745946a417245b97f1ad243 PackageKit-debugsource-1.2.4-2.el9_0.1.s390x.rpm SHA-256: a0a251089b66be8d0a6e921c74dd6f1dc4ff12b74c43b39754145f3f26ba2340 PackageKit-glib-1.2.4-2.el9_0.1.s390x.rpm SHA-256: b0f4fdd7164612017445b8cb5b288514d2a7338eb396978cbc10af20476ba1e9 PackageKit-glib-debuginfo-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 5560f5bf64aa2780a6e168b5374a3508d9d3738c50bf4dbc827da00e6ebdbe2f PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 413f83c900fb94a193071b44a10718891b6ecc0dd2a8c7c09aa0664f1e10de0d PackageKit-gtk3-module-1.2.4-2.el9_0.1.s390x.rpm SHA-256: 7ba57c6706678a73b9e1a67fb5423c1cb696110ddf4772685e0d78f9a419ab89 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_0.1.s390x.rpm SHA-256: e07699d1e7d6980c845e2e478819546c57725804a0bbda34f6fece444c1f83a6 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .