Release date:
2026-05-14 18:20:07 UTC
Description:
- CVE-2026-41651: fix TOCTOU race on cached transaction flags that allowed
unprivileged users to install arbitrary RPM packages as root via the
PackageKit D-Bus interface, leading to local privilege escalation; reject
re-invocation of action methods on transactions that have left the NEW state.
Updated packages:
-
PackageKit-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:3883ccdf68d6bde2cb4949b3ff20406771adf1067d61ee9a4c4ad7eacbfdf826
-
PackageKit-command-not-found-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:57c124ad6347e15c83691faf704eed4f23d23819e2a865cc15ab0a16e459beeb
-
PackageKit-cron-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:c09ac09bfa67cff674bbd28621904ab94eee983a875f29b5966ff628f271987c
-
PackageKit-glib-1.2.6-1.el9.tuxcare.els1.i686.rpm
sha:61304d77edcc3e7aa5b499f4ba701d5afe2eb3edc7fbd698d19bf4b69fc4337f
-
PackageKit-glib-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:daabf0d6eccf4609cbc5a8e5538a4dded3e0af8a0d7a0157cd05fb7701c2b995
-
PackageKit-glib-devel-1.2.6-1.el9.tuxcare.els1.i686.rpm
sha:d54362da9b743dd705ae4eca097275d75806dc63666338d542daa8e78ea48de5
-
PackageKit-glib-devel-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:d9c947e6170eb936ec114de7ad9574bfd7b9391724068b409ffe465675d9ae97
-
PackageKit-gstreamer-plugin-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:2f072690a0d9baef2b223ce37d7e797720f3dc7ed5b0edafaa59c8f50e3d7135
-
PackageKit-gtk3-module-1.2.6-1.el9.tuxcare.els1.x86_64.rpm
sha:6dcf67c975ff7bf0933fdda94960033617b2601c0ac397ddb8fd75795d9b3f20
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
