Red Hat Product Errata RHSA-2026:18036 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18036 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM PackageKit-1.2.4-2.el9_2.1.src.rpm SHA-256: 1ef79ab7d8e37992fb41b90b50be08866dbe47cb454c21f19ab7666e14e4d125 x86_64 PackageKit-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 7bf1c8800bda140016a5bb048f8bb962b7aa1f96647768938d57028e7822b17f PackageKit-command-not-found-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 1910de5fbb464769faef486e217ee4ba3554085e9a3286be2e545f0d6bde7977 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: bc78f31f7272162da891f7d7b855c70b09bf9b447682130a737aaa12e1ecc9b4 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: bda2ec8aacdc074eda6d2e7f6f87d59f1f19f0c199f1829b9c29e537320b47de PackageKit-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: 087e357b32a0011f8e9b37a7cc875d032f41426fd8c932e6707235bf4f8573f6 PackageKit-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 3d76e23351ac8b621529a926e508ff70b8d4e39774c06211c3e7a4bce30eb89b PackageKit-debugsource-1.2.4-2.el9_2.1.i686.rpm SHA-256: dd9bbc65270853b5537c989514a4c388a4e134a229151614f97d6ee3c79212c6 PackageKit-debugsource-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 60abdc5551d2177cc61f22d7d04177255be4d3b81bb72a2270a3bff388dfe28a PackageKit-glib-1.2.4-2.el9_2.1.i686.rpm SHA-256: 4d19c4f25381a13ed45c23d513744d23fd4e93954f9ae8fbff65f95c60fb8eee PackageKit-glib-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: b1bb4730bbdbe58e7adb2ac4825f4060236899c97a38d4ec7882ae0fd7311e76 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: b73f45e5190199f354c394ee6c08f6464d943e7679ef979e0a03f220223772b6 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 75e5dbd8611d22ca700fb4bf73190c340fb4bb6677bbb3cc50a1f13cf25cced1 PackageKit-gstreamer-plugin-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: e6acadda11cf605205e1a5b64e87dc77721767bcd8d0bf7a05c739c142c3a124 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: 617a17e6f6d3f4e2461ee96a34dcc40333c9e2af40abebea8a7ff164cbad4a72 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 350355fc4d90b80b31b2d8ef14add8191a03f56004f9d16808c05c029b3dc9d8 PackageKit-gtk3-module-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: eed12b7f92619ac10b634f8e995878f7169c36b9b9109a76ee123b58d4ef2536 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: fb648411ef9b6620b9e0f0fe6602291a4975175fe2764c6b50647dfcb92547bd PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: e992ad6629482df79e3c2674e1b4f35f9b0dd8a9bc89fa4250af3cbf818218eb Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM PackageKit-1.2.4-2.el9_2.1.src.rpm SHA-256: 1ef79ab7d8e37992fb41b90b50be08866dbe47cb454c21f19ab7666e14e4d125 ppc64le PackageKit-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 6a496d2db5d6886b6561a7816d1baaa61e9051a15089a8e688c15cbdb801133d PackageKit-command-not-found-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 38d5e566eb9dff36f563f3542f99357aafd6d80edac593d263da0ad73671ce19 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 7b611a5c73e30c80d998f865121555386413f6ce10ff9308498ba3bf1e5bb9be PackageKit-debuginfo-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 81884aac366e609dfbe3c4ee14fa63c236a13dd2773d219d466785bc59b4bced PackageKit-debugsource-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 88c48955f36638389be9321868b7af24092ee68f9d1cd79c58fbd04eea586264 PackageKit-glib-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: b8307f8d03b81ef789e619649da2ddd71fe4a2a8be2094be8392159328c733c5 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 5da074060abd25450b7c19c6eb5e355fbf2e3cde595088e3c8a664f891b0e620 PackageKit-gstreamer-plugin-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 814085294fd6ea7b7d069926a93c0043be7a7c67314224c19cdd5068c8a7b6a2 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: dac49e387103be592020e4e84403a89d51f85e719a9b8aabdacb0f1bd858f51d PackageKit-gtk3-module-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 3cc80e73966ce09bef2de843e5b9d0691efda307c46a7f833786bb37bf9c41a5 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_2.1.ppc64le.rpm SHA-256: 128664a8496dc06049c3e0024e1db0a05f6cfb1e22a198bfe86234145d64c427 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM PackageKit-1.2.4-2.el9_2.1.src.rpm SHA-256: 1ef79ab7d8e37992fb41b90b50be08866dbe47cb454c21f19ab7666e14e4d125 x86_64 PackageKit-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 7bf1c8800bda140016a5bb048f8bb962b7aa1f96647768938d57028e7822b17f PackageKit-command-not-found-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 1910de5fbb464769faef486e217ee4ba3554085e9a3286be2e545f0d6bde7977 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: bc78f31f7272162da891f7d7b855c70b09bf9b447682130a737aaa12e1ecc9b4 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: bda2ec8aacdc074eda6d2e7f6f87d59f1f19f0c199f1829b9c29e537320b47de PackageKit-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: 087e357b32a0011f8e9b37a7cc875d032f41426fd8c932e6707235bf4f8573f6 PackageKit-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 3d76e23351ac8b621529a926e508ff70b8d4e39774c06211c3e7a4bce30eb89b PackageKit-debugsource-1.2.4-2.el9_2.1.i686.rpm SHA-256: dd9bbc65270853b5537c989514a4c388a4e134a229151614f97d6ee3c79212c6 PackageKit-debugsource-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 60abdc5551d2177cc61f22d7d04177255be4d3b81bb72a2270a3bff388dfe28a PackageKit-glib-1.2.4-2.el9_2.1.i686.rpm SHA-256: 4d19c4f25381a13ed45c23d513744d23fd4e93954f9ae8fbff65f95c60fb8eee PackageKit-glib-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: b1bb4730bbdbe58e7adb2ac4825f4060236899c97a38d4ec7882ae0fd7311e76 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: b73f45e5190199f354c394ee6c08f6464d943e7679ef979e0a03f220223772b6 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 75e5dbd8611d22ca700fb4bf73190c340fb4bb6677bbb3cc50a1f13cf25cced1 PackageKit-gstreamer-plugin-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: e6acadda11cf605205e1a5b64e87dc77721767bcd8d0bf7a05c739c142c3a124 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: 617a17e6f6d3f4e2461ee96a34dcc40333c9e2af40abebea8a7ff164cbad4a72 PackageKit-gstreamer-plugin-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: 350355fc4d90b80b31b2d8ef14add8191a03f56004f9d16808c05c029b3dc9d8 PackageKit-gtk3-module-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: eed12b7f92619ac10b634f8e995878f7169c36b9b9109a76ee123b58d4ef2536 PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_2.1.i686.rpm SHA-256: fb648411ef9b6620b9e0f0fe6602291a4975175fe2764c6b50647dfcb92547bd PackageKit-gtk3-module-debuginfo-1.2.4-2.el9_2.1.x86_64.rpm SHA-256: e992ad6629482df79e3c2674e1b4f35f9b0dd8a9bc89fa4250af3cbf818218eb Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM PackageKit-1.2.4-2.el9_2.1.src.rpm SHA-256: 1ef79ab7d8e37992fb41b90b50be08866dbe47cb454c21f19ab7666e14e4d125 aarch64 PackageKit-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: 1aeab993d849afeb2b8cc2c50cb3a13d8678b8664026c4a4e38b10ee4210d692 PackageKit-command-not-found-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: baac8f3cf86161f2656c12fe958bf8985f55410ef96dd5b6316027adc3808501 PackageKit-command-not-found-debuginfo-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: fb07441c41e26ce0cf09e53ba9b5606fdb2a7af463673816322ac17d3e6923df PackageKit-debuginfo-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: 290b043f61b8e0eecd5e906fa8a81280890781d1afdffd4f78df5aec0f14bcea PackageKit-debugsource-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: 99190fcf78eef97ae2abe015cc022f2e320ed1377da9f1eaac77552083e0dda4 PackageKit-glib-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: 9984cf0a85eefe4c639ded8477ec69c105f87e5a40f2a249415b357fab1a03b1 PackageKit-glib-debuginfo-1.2.4-2.el9_2.1.aarch64.rpm SHA-256: 1cbb9c13b155f550081c09748b6e55092cac8ea5912fa8719665ba2