Release date:
2026-05-25 12:16:56 UTC
Description:
- CVE-2026-41651: Fix TOCTOU race on transaction flags that allowed unprivileged
users to install arbitrary RPMs and execute scriptlets as root; prevent
unconditional flag overwrite, enforce state-transition validation, and read
cached flags at authorization time rather than at dispatch.
Updated packages:
-
PackageKit-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:11a7e6b789b0d9acf2f813ac04912892c0de33f9918a87402c94b8c0f95f758c
-
PackageKit-command-not-found-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:3f5807157befe11a2ebdceb8824a39f7f31bd0ab8ca87de6c477ff3f9dd27b0c
-
PackageKit-cron-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:3a9f66a1c921e6ff3ef3554835791e0cc351e1422ca3bbd01a75ee501b6d8448
-
PackageKit-glib-1.2.4-2.el9_2.tuxcare.els1.i686.rpm
sha:6fb9dd33263dd7e14d871111c31a91697344d227b5d3ea1e9ca1c54b8e9c7c93
-
PackageKit-glib-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:9bba882e1c3a407d065dbe7dc4d89a26cf4e8c5f6400e40d7acf1c19e672d490
-
PackageKit-glib-devel-1.2.4-2.el9_2.tuxcare.els1.i686.rpm
sha:c4c5ab33836d0f55c21692c142dedd67d329e04f70b98cb77c9c37b752cc9197
-
PackageKit-glib-devel-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:fdac44b42ade69e386ecc6ca547db8028025e08b5fa8ee74504fe4c7afa4671a
-
PackageKit-gstreamer-plugin-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:11b0d4589e73d18e0917fcc26a1fc3cb607b4ae622c2c81be4fa8f6fe13aaf23
-
PackageKit-gtk3-module-1.2.4-2.el9_2.tuxcare.els1.x86_64.rpm
sha:d0fcb91999fa9210f6cd8879be1a3e2ea87cbafd2202a0df2f21750d71eb949b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
