Red Hat Product Errata RHSA-2026:19454 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19454 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM PackageKit-1.2.6-1.el9_4.1.src.rpm SHA-256: e647661446e78357073f35ec3209497320f1c3c255b6da0949d9a3bda4d17887 x86_64 PackageKit-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 580f8b5c9e44060e233948b8116779d77d5c6f1f795462ac92c9f079c8ce19fc PackageKit-command-not-found-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: f3cbe83475f4995532bdb3291744a3ebcb8c24571b81221e88d26c2a6cefc43a PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 49b0c95445ea88ba28e8fde46ffc7c724894ae3d12c757fce5db28c346453a41 PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 88375dc9f269042e5a483ad4134a9f8293d0b1f50eeac1ff88af721d678ba238 PackageKit-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 70b2c3070a9de81c45bc8ed05b870c6179fbc18920b683356bbed8352b8aa35e PackageKit-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: de8bb0bff78f50404ba075dd55616f5aae6887f935adf79caca9bc910bc623c3 PackageKit-debugsource-1.2.6-1.el9_4.1.i686.rpm SHA-256: 6c7524e316d2213f06437b7ea9d5edcc3d27b4154ff734405e49be1f72bd915c PackageKit-debugsource-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 172acd688a912b2ed1f7fe22a8baf46754d50764fc2ca4d3310549bdf29af041 PackageKit-glib-1.2.6-1.el9_4.1.i686.rpm SHA-256: 3be6db06fbcff7173ce115b1eb409616b828ec547ab21fcbec5e277cc45a81f9 PackageKit-glib-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 44a51c365ac286b64a8dcdfcb23db47638b10a37b8170583589542e45d427a3b PackageKit-glib-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 2349519ee93c59ad0e4345d12b3bb638c0fc41f06b7ec19dc0432b442cda43ec PackageKit-glib-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 5d0c9186ebbf95a0a1440328c57aee7bdf1d553dd04b4902ae1a7f00a2c9dc1e PackageKit-gstreamer-plugin-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: e986e43bfd2e5e88368e744d93fe879450716e76e056b684e98500a7eb9a0f9c PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: dd65db1fd54f86ddb833ee9e90958594d8178af99101ffee99aa6480a996b4bf PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 96d4392883675113bde489393be77e1ef96be0e37484e96bf1a386c8a7ea1e54 PackageKit-gtk3-module-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 3579459625979acf729b64c7f5bcc7ec6ca8b09c2a3bd479a88b4a1ed761fece PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 35032777a94b872ecb9dc3e000133225f875a35d71133b06f9aa42c6086e9031 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 8aaf053b37462ab12cfcfc4e05077d084680eb2e8404a2bf5421ec3cda3c905c Red Hat Enterprise Linux Server - AUS 9.4 SRPM PackageKit-1.2.6-1.el9_4.1.src.rpm SHA-256: e647661446e78357073f35ec3209497320f1c3c255b6da0949d9a3bda4d17887 x86_64 PackageKit-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 580f8b5c9e44060e233948b8116779d77d5c6f1f795462ac92c9f079c8ce19fc PackageKit-command-not-found-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: f3cbe83475f4995532bdb3291744a3ebcb8c24571b81221e88d26c2a6cefc43a PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 49b0c95445ea88ba28e8fde46ffc7c724894ae3d12c757fce5db28c346453a41 PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 88375dc9f269042e5a483ad4134a9f8293d0b1f50eeac1ff88af721d678ba238 PackageKit-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 70b2c3070a9de81c45bc8ed05b870c6179fbc18920b683356bbed8352b8aa35e PackageKit-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: de8bb0bff78f50404ba075dd55616f5aae6887f935adf79caca9bc910bc623c3 PackageKit-debugsource-1.2.6-1.el9_4.1.i686.rpm SHA-256: 6c7524e316d2213f06437b7ea9d5edcc3d27b4154ff734405e49be1f72bd915c PackageKit-debugsource-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 172acd688a912b2ed1f7fe22a8baf46754d50764fc2ca4d3310549bdf29af041 PackageKit-glib-1.2.6-1.el9_4.1.i686.rpm SHA-256: 3be6db06fbcff7173ce115b1eb409616b828ec547ab21fcbec5e277cc45a81f9 PackageKit-glib-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 44a51c365ac286b64a8dcdfcb23db47638b10a37b8170583589542e45d427a3b PackageKit-glib-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 2349519ee93c59ad0e4345d12b3bb638c0fc41f06b7ec19dc0432b442cda43ec PackageKit-glib-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 5d0c9186ebbf95a0a1440328c57aee7bdf1d553dd04b4902ae1a7f00a2c9dc1e PackageKit-gstreamer-plugin-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: e986e43bfd2e5e88368e744d93fe879450716e76e056b684e98500a7eb9a0f9c PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: dd65db1fd54f86ddb833ee9e90958594d8178af99101ffee99aa6480a996b4bf PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 96d4392883675113bde489393be77e1ef96be0e37484e96bf1a386c8a7ea1e54 PackageKit-gtk3-module-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 3579459625979acf729b64c7f5bcc7ec6ca8b09c2a3bd479a88b4a1ed761fece PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_4.1.i686.rpm SHA-256: 35032777a94b872ecb9dc3e000133225f875a35d71133b06f9aa42c6086e9031 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_4.1.x86_64.rpm SHA-256: 8aaf053b37462ab12cfcfc4e05077d084680eb2e8404a2bf5421ec3cda3c905c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM PackageKit-1.2.6-1.el9_4.1.src.rpm SHA-256: e647661446e78357073f35ec3209497320f1c3c255b6da0949d9a3bda4d17887 s390x PackageKit-1.2.6-1.el9_4.1.s390x.rpm SHA-256: bdccf01ca0217e298296f2a41b007f0c2bc48e544480d71db1825135a073402c PackageKit-command-not-found-1.2.6-1.el9_4.1.s390x.rpm SHA-256: 6c7fb5922de49f4907e3062cd1e1c6e4585a93b21ce11a5b1090a3fd22c7a340 PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.s390x.rpm SHA-256: 13112901e87e4024bd273e0772138472b7076c6a5e4a58525a00737ed0d1fc7c PackageKit-debuginfo-1.2.6-1.el9_4.1.s390x.rpm SHA-256: 1966224a2afa5e1945190abba889b8a39f40b57e18773e4240ee01248305a6b8 PackageKit-debugsource-1.2.6-1.el9_4.1.s390x.rpm SHA-256: ba9342fbcf9841e3c25b688f845c3415cbb26b9f56c7a22b4603cfb3c068d5cf PackageKit-glib-1.2.6-1.el9_4.1.s390x.rpm SHA-256: a95ad014695c0792d2eaeb8d3884929b6bce899b4562eb20f92177490838f14d PackageKit-glib-debuginfo-1.2.6-1.el9_4.1.s390x.rpm SHA-256: 1f914ebb9f7c983b93e60e7c16ab185c06ca5e555fe9347b2372c950be2e8e52 PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_4.1.s390x.rpm SHA-256: deb0a2b60a14122143d23fded6be4cda4993f1d7aad4d028d8d10050932c162d PackageKit-gtk3-module-1.2.6-1.el9_4.1.s390x.rpm SHA-256: 0b21b6152c9c227391605f80f11bb831cc737bd2dc65da33b040be7ec58e0877 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_4.1.s390x.rpm SHA-256: d59432cb28a52f2cd04bc4a6e70ef3e7794f4ed617d6646ad65b1f4eddca74a0 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM PackageKit-1.2.6-1.el9_4.1.src.rpm SHA-256: e647661446e78357073f35ec3209497320f1c3c255b6da0949d9a3bda4d17887 ppc64le PackageKit-1.2.6-1.el9_4.1.ppc64le.rpm SHA-256: 40dc545278ab32e2e9f2caf79cc60555e2bcd61e8aaf29685fbef9de629f6461 PackageKit-command-not-found-1.2.6-1.el9_4.1.ppc64le.rpm SHA-256: a206585fa66693ecd5683f27db06da2c5d15606ae91fd5c010767425321f52dd PackageKit-command-not-found-debuginfo-1.2.6-1.el9_4.1.ppc64le.rpm SHA-256: cf459ef77b77685ca1891765775812fbc8ec0f31e8135c2a67a73d98ab