Red Hat Product Errata RHSA-2026:19128 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19128 - Security Advisory Overview Updated Packages Synopsis Important: yggdrasil-worker-package-manager security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for yggdrasil-worker-package-manager is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f x86_64 yggdrasil-worker-package-manager-0.2.3-6.el10_2.x86_64.rpm SHA-256: ed7643331519b13fcee497f6e1602425c6d36fd4a4d51ccd45618ca56b0cd339 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.x86_64.rpm SHA-256: 448e2bfd66c3fbdc8baf45e18bd8dc4f67e0beba837e0bb4cc25c8ef03257268 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.x86_64.rpm SHA-256: 2f6fd0562c3d0a3df09b64bf430eb8c4347178e23a069ef823bb8bf7da52cb2e Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f x86_64 yggdrasil-worker-package-manager-0.2.3-6.el10_2.x86_64.rpm SHA-256: ed7643331519b13fcee497f6e1602425c6d36fd4a4d51ccd45618ca56b0cd339 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.x86_64.rpm SHA-256: 448e2bfd66c3fbdc8baf45e18bd8dc4f67e0beba837e0bb4cc25c8ef03257268 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.x86_64.rpm SHA-256: 2f6fd0562c3d0a3df09b64bf430eb8c4347178e23a069ef823bb8bf7da52cb2e Red Hat Enterprise Linux for IBM z Systems 10 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f s390x yggdrasil-worker-package-manager-0.2.3-6.el10_2.s390x.rpm SHA-256: 67b7693cd8cf86d22f2907499633b934d1b5e6da1670251de1bc44c1b163b2e7 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.s390x.rpm SHA-256: e4edd09bccc7f9b804339a5f9b098fe84f88f9cd90cfcce0724012b71d62ee8c yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.s390x.rpm SHA-256: 4d4050cb7281eda8585e9c542c0bbde131a66815f529d0d9011cf61c45cc4cf3 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f s390x yggdrasil-worker-package-manager-0.2.3-6.el10_2.s390x.rpm SHA-256: 67b7693cd8cf86d22f2907499633b934d1b5e6da1670251de1bc44c1b163b2e7 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.s390x.rpm SHA-256: e4edd09bccc7f9b804339a5f9b098fe84f88f9cd90cfcce0724012b71d62ee8c yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.s390x.rpm SHA-256: 4d4050cb7281eda8585e9c542c0bbde131a66815f529d0d9011cf61c45cc4cf3 Red Hat Enterprise Linux for Power, little endian 10 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f ppc64le yggdrasil-worker-package-manager-0.2.3-6.el10_2.ppc64le.rpm SHA-256: 72f3ad2b11e2130b9266d1b7227b84cf78942ef91c84ffd9b930195e587c0d42 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.ppc64le.rpm SHA-256: fbb19fe9cf69ec81ea3764c9ae592dfc2894aa0fc58572e4d3daa3ce8c3d7195 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.ppc64le.rpm SHA-256: de7a6481255d21bb2f08e18e24df27ea67f0e4d3291039348ba68aa22332a5bb Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f ppc64le yggdrasil-worker-package-manager-0.2.3-6.el10_2.ppc64le.rpm SHA-256: 72f3ad2b11e2130b9266d1b7227b84cf78942ef91c84ffd9b930195e587c0d42 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.ppc64le.rpm SHA-256: fbb19fe9cf69ec81ea3764c9ae592dfc2894aa0fc58572e4d3daa3ce8c3d7195 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.ppc64le.rpm SHA-256: de7a6481255d21bb2f08e18e24df27ea67f0e4d3291039348ba68aa22332a5bb Red Hat Enterprise Linux for ARM 64 10 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f aarch64 yggdrasil-worker-package-manager-0.2.3-6.el10_2.aarch64.rpm SHA-256: 13b98138ca05425e65f5f815929685582b947182bf91ed8657e2b2b10c19f813 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.aarch64.rpm SHA-256: e7ac6aefc9133a63f9f46671d8002b2eb754a92192a1955dd0272113c8ab2b16 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.aarch64.rpm SHA-256: 6f3c8a71028a144380e076f4de4bf7194c6e38b58ca41daa2d5b7f04440fd7ca Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f aarch64 yggdrasil-worker-package-manager-0.2.3-6.el10_2.aarch64.rpm SHA-256: 13b98138ca05425e65f5f815929685582b947182bf91ed8657e2b2b10c19f813 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.aarch64.rpm SHA-256: e7ac6aefc9133a63f9f46671d8002b2eb754a92192a1955dd0272113c8ab2b16 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.aarch64.rpm SHA-256: 6f3c8a71028a144380e076f4de4bf7194c6e38b58ca41daa2d5b7f04440fd7ca Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f aarch64 yggdrasil-worker-package-manager-0.2.3-6.el10_2.aarch64.rpm SHA-256: 13b98138ca05425e65f5f815929685582b947182bf91ed8657e2b2b10c19f813 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.aarch64.rpm SHA-256: e7ac6aefc9133a63f9f46671d8002b2eb754a92192a1955dd0272113c8ab2b16 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.aarch64.rpm SHA-256: 6f3c8a71028a144380e076f4de4bf7194c6e38b58ca41daa2d5b7f04440fd7ca Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f s390x yggdrasil-worker-package-manager-0.2.3-6.el10_2.s390x.rpm SHA-256: 67b7693cd8cf86d22f2907499633b934d1b5e6da1670251de1bc44c1b163b2e7 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.s390x.rpm SHA-256: e4edd09bccc7f9b804339a5f9b098fe84f88f9cd90cfcce0724012b71d62ee8c yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.s390x.rpm SHA-256: 4d4050cb7281eda8585e9c542c0bbde131a66815f529d0d9011cf61c45cc4cf3 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.src.rpm SHA-256: 2e6b798a7feddd5595ea36c534bdfd0f17444a946bdf67aba650056265d02b2f ppc64le yggdrasil-worker-package-manager-0.2.3-6.el10_2.ppc64le.rpm SHA-256: 72f3ad2b11e2130b9266d1b7227b84cf78942ef91c84ffd9b930195e587c0d42 yggdrasil-worker-package-manager-debuginfo-0.2.3-6.el10_2.ppc64le.rpm SHA-256: fbb19fe9cf69ec81ea3764c9ae592dfc2894aa0fc58572e4d3daa3ce8c3d7195 yggdrasil-worker-package-manager-debugsource-0.2.3-6.el10_2.ppc64le.rpm SHA-256: de7a6481255d21bb2f08e18e24df27ea67f0e4d3291039348ba68aa22332a5bb Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 SRPM yggdrasil-worker-package-manager-0.2.3-6.el10_2.sr