- What: Security update for p11-kit in Red Hat Enterprise Linux 10
- Impact: PKCS#11 module may be vulnerable to NULL dereference attacks
Red Hat Product Errata RHSA-2026:18143 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:18143 - Security Advisory Overview Updated Packages Synopsis Moderate: p11-kit security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for p11-kit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files. Security Fix(es): p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2437308 - CVE-2026-2100 p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters RHEL-89706 - Split p11-kit-client.so into a separate sub-package RHEL-121792 - p11-kit creates incorrect label for certificate with multiple CNs in subject CVEs CVE-2026-2100 References https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM p11-kit-0.26.2-1.el10.src.rpm SHA-256: c5a42469efcdb6061654f5eeb44b22a03ea5001734dc2156129542d832eb1d59 x86_64 p11-kit-0.26.2-1.el10.x86_64.rpm SHA-256: 880c1237abfdf74cccadccf156517344a379c565a5c060b3034835c4a09ab8c6 p11-kit-client-0.26.2-1.el10.x86_64.rpm SHA-256: 44b8694ee79cd9a17249d15ab867995cab1e123b22085b27e79857c20f32ca48 p11-kit-client-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 7ffa61e1f177d65020d05c489df1bbbf400419854f1a64c1d60464475233c8a3 p11-kit-client-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 7ffa61e1f177d65020d05c489df1bbbf400419854f1a64c1d60464475233c8a3 p11-kit-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 99725b73e13a22676efc8fe3318ebfac0ad6cf7cfbe617f4dce84a88fe80cbbd p11-kit-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 99725b73e13a22676efc8fe3318ebfac0ad6cf7cfbe617f4dce84a88fe80cbbd p11-kit-debugsource-0.26.2-1.el10.x86_64.rpm SHA-256: 0e5eb33e8b2f14a1b7ccf4b6fe055fa87b085bb342aef91d3deabfc1175524db p11-kit-debugsource-0.26.2-1.el10.x86_64.rpm SHA-256: 0e5eb33e8b2f14a1b7ccf4b6fe055fa87b085bb342aef91d3deabfc1175524db p11-kit-devel-0.26.2-1.el10.x86_64.rpm SHA-256: 3172487a55be6fd149567d926377cabb48a71424608a9824419f976c548505f6 p11-kit-server-0.26.2-1.el10.x86_64.rpm SHA-256: 0929e5e2cbd8afe0a75c3033029676757de2e67396ff9340967680c5b04c9b39 p11-kit-server-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 79e6c4898ada81ae011d54704fa19db049b971c04edf666ce4635f1949af429e p11-kit-server-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 79e6c4898ada81ae011d54704fa19db049b971c04edf666ce4635f1949af429e p11-kit-trust-0.26.2-1.el10.x86_64.rpm SHA-256: 59a1d37a6a037fe2b6b38623f2e7b2a47a3a8ace5f52d1b2cf4c7bd5f139b6b6 p11-kit-trust-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 553f2c207400d90eb72771bd2e77b72e773031c2046e292dbd7bb16af221823e p11-kit-trust-debuginfo-0.26.2-1.el10.x86_64.rpm SHA-256: 553f2c207400d90eb72771bd2e77b72e773031c2046e292dbd7bb16af221823e Red Hat Enterprise Linux for IBM z Systems 10 SRPM p11-kit-0.26.2-1.el10.src.rpm SHA-256: c5a42469efcdb6061654f5eeb44b22a03ea5001734dc2156129542d832eb1d59 s390x p11-kit-0.26.2-1.el10.s390x.rpm SHA-256: c35e04d8be467ebef8fad6a8874cd53aca563ed8757c6c0839130091b90c4798 p11-kit-client-0.26.2-1.el10.s390x.rpm SHA-256: f2c97f841de0130102089364390d8f4930b545e6f5e13aaa344dc96228f45e42 p11-kit-client-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 7067af4c753c01c5aac33de51749f3c7679c3cf0db0023f412e4258c9f29bbe5 p11-kit-client-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 7067af4c753c01c5aac33de51749f3c7679c3cf0db0023f412e4258c9f29bbe5 p11-kit-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 522531f21bea2e9e3969e3be64a987658d1fd27c6daca7b09fe841ce5e1d23c2 p11-kit-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 522531f21bea2e9e3969e3be64a987658d1fd27c6daca7b09fe841ce5e1d23c2 p11-kit-debugsource-0.26.2-1.el10.s390x.rpm SHA-256: 47d45e75a1058f5af4b922ac2133fc879c60ba2899e095c73ddde3853a39646f p11-kit-debugsource-0.26.2-1.el10.s390x.rpm SHA-256: 47d45e75a1058f5af4b922ac2133fc879c60ba2899e095c73ddde3853a39646f p11-kit-devel-0.26.2-1.el10.s390x.rpm SHA-256: f5eed2c30132fb981fc082e17dd323e7a4926b059449193b34c4a326531aa2c5 p11-kit-server-0.26.2-1.el10.s390x.rpm SHA-256: 19af92a431636377f1a4a60b54fc1d41a31c94b662c38c58a61a281205d38a69 p11-kit-server-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 0a9bac2367f8f6fce16037d3b5a0284de0b54b563137ad5408b522a6f5cfa489 p11-kit-server-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 0a9bac2367f8f6fce16037d3b5a0284de0b54b563137ad5408b522a6f5cfa489 p11-kit-trust-0.26.2-1.el10.s390x.rpm SHA-256: 7eb632eae61502d983a3fba2319d128d2666561cb43603b53489591e920722ae p11-kit-trust-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 25fba517652af07ef2fbbad1a71a692b6c5503bf9eafa14e519ff06b1a8b315c p11-kit-trust-debuginfo-0.26.2-1.el10.s390x.rpm SHA-256: 25fba517652af07ef2fbbad1a71a692b6c5503bf9eafa14e519ff06b1a8b315c Red Hat Enterprise Linux for Power, little endian 10 SRPM p11-kit-0.26.2-1.el10.src.rpm SHA-256: c5a42469efcdb6061654f5eeb44b22a03ea5001734dc2156129542d832eb1d59 ppc64le p11-kit-0.26.2-1.el10.ppc64le.rpm SHA-256: 2008a0aaafcd94b64626a7ab5127ecbe69899cb2f53c64294164f17b0133f798 p11-kit-client-0.26.2-1.el10.ppc64le.rpm SHA-256: 67ca8512f81c2021fe94d0d3f85bd6bf35ce55c6bd9e2d8010bb68820807e77d p11-kit-client-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 99bf819a87b934543b5e04e89dd57fcbf1811209bb2975f60e40b53e1d3fbf4f p11-kit-client-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 99bf819a87b934543b5e04e89dd57fcbf1811209bb2975f60e40b53e1d3fbf4f p11-kit-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 4ee96071ab84432de558e2fac37dbadf79239b6e38c852c85d4d6759bb68f871 p11-kit-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 4ee96071ab84432de558e2fac37dbadf79239b6e38c852c85d4d6759bb68f871 p11-kit-debugsource-0.26.2-1.el10.ppc64le.rpm SHA-256: 4a78cce7598a95d3f3ee0189c18aef5df8195cdf9426b0dc5c82894c544bfe72 p11-kit-debugsource-0.26.2-1.el10.ppc64le.rpm SHA-256: 4a78cce7598a95d3f3ee0189c18aef5df8195cdf9426b0dc5c82894c544bfe72 p11-kit-devel-0.26.2-1.el10.ppc64le.rpm SHA-256: 015157875cf89f98e0b68f8a67f1e437e9f371e67990264007ff483a9ece38ef p11-kit-server-0.26.2-1.el10.ppc64le.rpm SHA-256: 12a85b9ad2a53aa59da048a1026edfa81a3232ddc43428dba6b503416eea620d p11-kit-server-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 3c9b5ffed64f7abdce82c2a57e5d54318cfcd076fdc449dcaf95869f3d89b7bb p11-kit-server-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 3c9b5ffed64f7abdce82c2a57e5d54318cfcd076fdc449dcaf95869f3d89b7bb p11-kit-trust-0.26.2-1.el10.ppc64le.rpm SHA-256: 76deccfb7df7d0aca925a8d238385d07422ec95479f7be1cb90c9a074f9f58ab p11-kit-trust-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 242cbf8f6ebfbcbc4029ea334b08ecbed7bdcf854e4464836da6f38a5ea17cc8 p11-kit-trust-debuginfo-0.26.2-1.el10.ppc64le.rpm SHA-256: 242cbf8f6ebfbcbc4029ea334b08ecbed7bdcf854e4464836da6f38a5ea17cc8 Red Hat Enterprise Linux for ARM 64 10 SRPM p11-kit-0.26.2-1.el10.src.rpm SHA-256: c5a42469efcdb6061654f5eeb44b22a03ea5001734dc2156129542d832eb1d59 aarch64 p11-kit-0.26.2-1.el10.aarch64.rpm SHA-256: 926d2e5cee1dd5258985a322db21fb2d759021ffb7a79d196363050894c232a9 p11-kit-client-0.26.2-1.el10.aarch64.rpm SHA-256: ce9d6ecaede31b0c22d04879abebd7d96a9c8a483847ecac8c9b25ae454cba89 p11-kit-client-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: bb35c4a327b1c5ddfd604881e66e116877f9838643a25513b044e0e28eb15932 p11-kit-client-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: bb35c4a327b1c5ddfd604881e66e116877f9838643a25513b044e0e28eb15932 p11-kit-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: c42894caa8f6483e84d6c9dafb5fe1d300b3e4dcbd7a9ea1b93b48b8c7621d5c p11-kit-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: c42894caa8f6483e84d6c9dafb5fe1d300b3e4dcbd7a9ea1b93b48b8c7621d5c p11-kit-debugsource-0.26.2-1.el10.aarch64.rpm SHA-256: 06f30c806d29fe8cd0f2533a3368a078e18d6c45841adfa5c1adecd376dbe3a0 p11-kit-debugsource-0.26.2-1.el10.aarch64.rpm SHA-256: 06f30c806d29fe8cd0f2533a3368a078e18d6c45841adfa5c1adecd376dbe3a0 p11-kit-devel-0.26.2-1.el10.aarch64.rpm SHA-256: 6b88300f5457c87d1f425b76fe23f37577c3ba58ea69498a5f6456ebd5ffa76c p11-kit-server-0.26.2-1.el10.aarch64.rpm SHA-256: b40954000c25e536f06b011a90271aa25a5a4561746f6dfc685420b12596e627 p11-kit-server-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: 6b44acff98c8a4e8e4c95f3cfd9fc95bcc0c010db9ecb5bc8e3d2acb43dac4ef p11-kit-server-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: 6b44acff98c8a4e8e4c95f3cfd9fc95bcc0c010db9ecb5bc8e3d2acb43dac4ef p11-kit-trust-0.26.2-1.el10.aarch64.rpm SHA-256: 4890b56b9cfb17d0083fde4a3035767d0079c84e63f88a649090632ee366ae78 p11-kit-trust-debuginfo-0.26.2-1.el10.aarch64.rpm SHA-256: dd7378d0acabdcf6051be3a9ca867c63a1d1e33d49f58d6ecc7c3b96779d9af4 p11-kit-trust-debuginfo-0.26.2-1.el