Red Hat Product Errata RHSA-2026:19354 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19354 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM PackageKit-1.2.6-2.el9_8.src.rpm SHA-256: 03086ad114e8eb924f33ade50d81e1dd8b01dd8850a275bfb2fb193793f39f5d x86_64 PackageKit-1.2.6-2.el9_8.x86_64.rpm SHA-256: 993f643d8d825d4ada84b29d74a935e07763fe800ee32fbbd549f25068f65415 PackageKit-command-not-found-1.2.6-2.el9_8.x86_64.rpm SHA-256: 09d06427e6e29e73139401c61207736f29cf8b61033aaddadc62a2a9d08ccade PackageKit-command-not-found-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: d586b4f854c7d1a240daca61175bd27d150fcf20104650c0cfd706c9360ec797 PackageKit-command-not-found-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: 5e5177f7ee3c67d26e48ae3f31ac4e58540cea46b985cd1bffca77b47e758e12 PackageKit-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: 51379c9857a38d4610d374b74cab3a5d702f31b1f47e7a97104d95ca13cf5df0 PackageKit-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: e29a12e4560b9a24115ebcdae49e018ab79188ca9cc3800d78c147b37ad875de PackageKit-debugsource-1.2.6-2.el9_8.i686.rpm SHA-256: 5fa9b4c45b3f243c273d89dbd4671fae72d28488f759af721d0a8fd4eee2e584 PackageKit-debugsource-1.2.6-2.el9_8.x86_64.rpm SHA-256: 477bf7e00e88a107bb9eb49a4602cd4f1c50ba5fb0da23ad0d72902835dcd2a8 PackageKit-glib-1.2.6-2.el9_8.i686.rpm SHA-256: c5bb5136ac7280eef3bfb30c226248a42182a00b52236d15aee059de5ac3c7cd PackageKit-glib-1.2.6-2.el9_8.x86_64.rpm SHA-256: c5008e7803c787e8fa94fc84031561dedfd8cbef9aacc2bd2c659d5416167019 PackageKit-glib-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: ab1ea9f20750799a762fa5a492225480fee46c1f5567a709d05c6080add54e1f PackageKit-glib-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: c98c17debbc12044a87f9d7fe46d195eea7771f9c8221587a99770110fda0b1f PackageKit-gstreamer-plugin-1.2.6-2.el9_8.x86_64.rpm SHA-256: b66dc0c692effa7eabc23740497fecf3c3778d0f954e49cda5cb14e084cd1395 PackageKit-gstreamer-plugin-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: 27d0c077b92cbe6d23a77b963fcef066f1f916300d0091fcce8b0db1a8a1c705 PackageKit-gstreamer-plugin-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: b48ae3dd65761ad9f79994b99afa991538b6639f7626a54734688852ee588050 PackageKit-gtk3-module-1.2.6-2.el9_8.x86_64.rpm SHA-256: 67072d8c1bcfd8f740e5de47e04d2be4a39dc721e28c0ca0ac55471aadbcb054 PackageKit-gtk3-module-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: f4de1350aee4ecbb68289c6c0d73ed6b6079f4418cc4c601a533d76142f1a9f5 PackageKit-gtk3-module-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: 4dde244b1c820d13561acac615897c9fb4fabdb135b00eb269f2ae89d1855f5d Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM PackageKit-1.2.6-2.el9_8.src.rpm SHA-256: 03086ad114e8eb924f33ade50d81e1dd8b01dd8850a275bfb2fb193793f39f5d x86_64 PackageKit-1.2.6-2.el9_8.x86_64.rpm SHA-256: 993f643d8d825d4ada84b29d74a935e07763fe800ee32fbbd549f25068f65415 PackageKit-command-not-found-1.2.6-2.el9_8.x86_64.rpm SHA-256: 09d06427e6e29e73139401c61207736f29cf8b61033aaddadc62a2a9d08ccade PackageKit-command-not-found-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: d586b4f854c7d1a240daca61175bd27d150fcf20104650c0cfd706c9360ec797 PackageKit-command-not-found-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: 5e5177f7ee3c67d26e48ae3f31ac4e58540cea46b985cd1bffca77b47e758e12 PackageKit-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: 51379c9857a38d4610d374b74cab3a5d702f31b1f47e7a97104d95ca13cf5df0 PackageKit-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: e29a12e4560b9a24115ebcdae49e018ab79188ca9cc3800d78c147b37ad875de PackageKit-debugsource-1.2.6-2.el9_8.i686.rpm SHA-256: 5fa9b4c45b3f243c273d89dbd4671fae72d28488f759af721d0a8fd4eee2e584 PackageKit-debugsource-1.2.6-2.el9_8.x86_64.rpm SHA-256: 477bf7e00e88a107bb9eb49a4602cd4f1c50ba5fb0da23ad0d72902835dcd2a8 PackageKit-glib-1.2.6-2.el9_8.i686.rpm SHA-256: c5bb5136ac7280eef3bfb30c226248a42182a00b52236d15aee059de5ac3c7cd PackageKit-glib-1.2.6-2.el9_8.x86_64.rpm SHA-256: c5008e7803c787e8fa94fc84031561dedfd8cbef9aacc2bd2c659d5416167019 PackageKit-glib-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: ab1ea9f20750799a762fa5a492225480fee46c1f5567a709d05c6080add54e1f PackageKit-glib-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: c98c17debbc12044a87f9d7fe46d195eea7771f9c8221587a99770110fda0b1f PackageKit-gstreamer-plugin-1.2.6-2.el9_8.x86_64.rpm SHA-256: b66dc0c692effa7eabc23740497fecf3c3778d0f954e49cda5cb14e084cd1395 PackageKit-gstreamer-plugin-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: 27d0c077b92cbe6d23a77b963fcef066f1f916300d0091fcce8b0db1a8a1c705 PackageKit-gstreamer-plugin-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: b48ae3dd65761ad9f79994b99afa991538b6639f7626a54734688852ee588050 PackageKit-gtk3-module-1.2.6-2.el9_8.x86_64.rpm SHA-256: 67072d8c1bcfd8f740e5de47e04d2be4a39dc721e28c0ca0ac55471aadbcb054 PackageKit-gtk3-module-debuginfo-1.2.6-2.el9_8.i686.rpm SHA-256: f4de1350aee4ecbb68289c6c0d73ed6b6079f4418cc4c601a533d76142f1a9f5 PackageKit-gtk3-module-debuginfo-1.2.6-2.el9_8.x86_64.rpm SHA-256: 4dde244b1c820d13561acac615897c9fb4fabdb135b00eb269f2ae89d1855f5d Red Hat Enterprise Linux for IBM z Systems 9 SRPM PackageKit-1.2.6-2.el9_8.src.rpm SHA-256: 03086ad114e8eb924f33ade50d81e1dd8b01dd8850a275bfb2fb193793f39f5d s390x PackageKit-1.2.6-2.el9_8.s390x.rpm SHA-256: f0e46d6ee7a9eeb3af1ce078356b3f43266679777edd8ae857fc1539e6a540b4 PackageKit-command-not-found-1.2.6-2.el9_8.s390x.rpm SHA-256: 80d79feafe8e8a5d78907711955fb66bd4ef209fc19163ac3e2822d21ff5c60e PackageKit-command-not-found-debuginfo-1.2.6-2.el9_8.s390x.rpm SHA-256: 98a0c50cae3755d9062deacb9c1ac1adc5d03665ee52321dd87d71f580fc6703 PackageKit-debuginfo-1.2.6-2.el9_8.s390x.rpm SHA-256: 2ff72169f4aa4866cc0a5681cf1806ca8904a0c49d11f3f1adb0488269fe4fce PackageKit-debugsource-1.2.6-2.el9_8.s390x.rpm SHA-256: cd633d19815ccf460e92cd1297996f393a6b3058b73f7dd2cfd84c58be64d75d PackageKit-glib-1.2.6-2.el9_8.s390x.rpm SHA-256: f659216260b7279e7cedb1a72a35fcd2d5cb143f16cafc906537f56ede4f678e PackageKit-glib-debuginfo-1.2.6-2.el9_8.s390x.rpm SHA-256: c747ca5dad326ac4631e463814d6df9c46e397a4544aae07e38ea3fa01e387e6 PackageKit-gstreamer-plugin-debuginfo-1.2.6-2.el9_8.s390x.rpm SHA-256: 9c2da8fb9121d730a5e190208a325ef01fa73f3439718642f29cfb8f38c649af PackageKit-gtk3-module-1.2.6-2.el9_8.s390x.rpm SHA-256: f7ee73ff3a016258d0d716a55a5b5666562afe0eaa3806e82098b0d174730378 PackageKit-gtk3-module-debuginfo-1.2.6-2.el9_8.s390x.rpm SHA-256: 180807fa6e39a3a7e59c7df9a868446e564f054a7f133ef2ef8c514e22c1a796 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 SRPM PackageKit-1.2.6-2.el9_8.src.rpm SHA-256: 03086ad114e8eb924f33ade50d81e1dd8b01dd8850a275bfb2fb193793f39f5d s390x PackageKit-1.2.6-2.el9_8.s390x.rpm SHA-256: f0e46d6ee7a9eeb3af1ce078356b3f43266679777edd8ae857fc1539e6a540b4 PackageKit-command-not-found-1.2.6-2.el9_8.s390x.rpm