Red Hat Product Errata RHSA-2026:11413 - Security Advisory
Issued:
2026-04-28
Updated:
2026-04-28

RHSA-2026:11413 - Security Advisory

Synopsis

Important: yggdrasil security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for yggdrasil is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker.

Security Fix(es):

  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Red Hat Enterprise Linux for x86_64 10

SRPM
yggdrasil-0.4.8-4.el10_1.src.rpm SHA-256: a5157dad4d61f4d41a732578505b61ae2593b007f184d1988906543bd46131a3
x86_64
yggdrasil-0.4.8-4.el10_1.x86_64.rpm SHA-256: 2c9c784ab416bd7b7c32aacdf3e35e4ff8dc08777b3c607799b131481c5372af
yggdrasil-debuginfo-0.4.8-4.el10_1.x86_64.rpm SHA-256: 4711d6fcd5e04d64fbb4d7a883da5fe27b1cc77af1ebe26313ae9181afb042ea
yggdrasil-debugsource-0.4.8-4.el10_1.x86_64.rpm SHA-256: 2eee1192436b465b16c279ab878e50a09941cbb2eda9adac9f6910c04330a11e
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.x86_64.rpm SHA-256: 3e1c8aa1cf813de03de5e2a39511d8acf46c7e217c5edf90fd876961fd75ff3c

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
yggdrasil-0.4.8-4.el10_1.src.rpm SHA-256: a5157dad4d61f4d41a732578505b61ae2593b007f184d1988906543bd46131a3
s390x
yggdrasil-0.4.8-4.el10_1.s390x.rpm SHA-256: 63891bf2bda1c16013d0b9666e278012b6bc09d1c395688714c8bdeaba8f2a36
yggdrasil-debuginfo-0.4.8-4.el10_1.s390x.rpm SHA-256: 137b6d0a1dcc8329cb610ecf0329f41ce8f302a74508d8f5e3b8716cdf15efb2
yggdrasil-debugsource-0.4.8-4.el10_1.s390x.rpm SHA-256: b7a907c3cf82cbca551b9dc653b2b9a4a7669e79f0ce70fdd9d840d9bbe30e08
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.s390x.rpm SHA-256: f6243f81637203a528beabe0216299cb82bcbb2b2fe982fa96aa9abc61c3c876

Red Hat Enterprise Linux for Power, little endian 10

SRPM
yggdrasil-0.4.8-4.el10_1.src.rpm SHA-256: a5157dad4d61f4d41a732578505b61ae2593b007f184d1988906543bd46131a3
ppc64le
yggdrasil-0.4.8-4.el10_1.ppc64le.rpm SHA-256: 25a969e6d07f14666c5fbd0ec450e064e93c3a119e652bad848d7689f4af086d
yggdrasil-debuginfo-0.4.8-4.el10_1.ppc64le.rpm SHA-256: e5507c3b0350a52b92a8489cb113e9e0f7aa44e23333cc92fc1c7f6ea0f9f586
yggdrasil-debugsource-0.4.8-4.el10_1.ppc64le.rpm SHA-256: 92777a130b1ed958b90bfde86ce27436acb7e25887d36fa6dffa8033bf81712f
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.ppc64le.rpm SHA-256: 54314ded02aacbda8481cc426ea6ef053f560de145921cdaaa61ec437bd83330

Red Hat Enterprise Linux for ARM 64 10

SRPM
yggdrasil-0.4.8-4.el10_1.src.rpm SHA-256: a5157dad4d61f4d41a732578505b61ae2593b007f184d1988906543bd46131a3
aarch64
yggdrasil-0.4.8-4.el10_1.aarch64.rpm SHA-256: 57499402722f11861aa4f88e3037d16cc1079daffe8a97121f9bb10c3acababe
yggdrasil-debuginfo-0.4.8-4.el10_1.aarch64.rpm SHA-256: 78d11f2ba76c12163759487fd99f4df95bdf2f17b76feb07fa486f00a90d3929
yggdrasil-debugsource-0.4.8-4.el10_1.aarch64.rpm SHA-256: 4fa26cc6b13ccb11ad44b2569c8c890ee003d218c5692f800881ed5d916b0848
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.aarch64.rpm SHA-256: 2aa4dbe291190f0a0e67cd380ecc5254b76bebcac306882968b64d8aa6bebf56

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
yggdrasil-debuginfo-0.4.8-4.el10_1.x86_64.rpm SHA-256: 4711d6fcd5e04d64fbb4d7a883da5fe27b1cc77af1ebe26313ae9181afb042ea
yggdrasil-debugsource-0.4.8-4.el10_1.x86_64.rpm SHA-256: 2eee1192436b465b16c279ab878e50a09941cbb2eda9adac9f6910c04330a11e
yggdrasil-devel-0.4.8-4.el10_1.x86_64.rpm SHA-256: 3a732f4a7eab7926a200495a80538c9c4ee0eb03be07557e65b561c14623cd1d
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.x86_64.rpm SHA-256: 3e1c8aa1cf813de03de5e2a39511d8acf46c7e217c5edf90fd876961fd75ff3c

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
yggdrasil-debuginfo-0.4.8-4.el10_1.ppc64le.rpm SHA-256: e5507c3b0350a52b92a8489cb113e9e0f7aa44e23333cc92fc1c7f6ea0f9f586
yggdrasil-debugsource-0.4.8-4.el10_1.ppc64le.rpm SHA-256: 92777a130b1ed958b90bfde86ce27436acb7e25887d36fa6dffa8033bf81712f
yggdrasil-devel-0.4.8-4.el10_1.ppc64le.rpm SHA-256: b4b8a361082cd26550c2e2ded966a2576b7b5b64fadad8f82c288fafb7392986
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.ppc64le.rpm SHA-256: 54314ded02aacbda8481cc426ea6ef053f560de145921cdaaa61ec437bd83330

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
yggdrasil-debuginfo-0.4.8-4.el10_1.aarch64.rpm SHA-256: 78d11f2ba76c12163759487fd99f4df95bdf2f17b76feb07fa486f00a90d3929
yggdrasil-debugsource-0.4.8-4.el10_1.aarch64.rpm SHA-256: 4fa26cc6b13ccb11ad44b2569c8c890ee003d218c5692f800881ed5d916b0848
yggdrasil-devel-0.4.8-4.el10_1.aarch64.rpm SHA-256: a400bedb3ded05ae9fc3741a6374c9d9a875e4fc691df757fc2c5a851d2261c2
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.aarch64.rpm SHA-256: 2aa4dbe291190f0a0e67cd380ecc5254b76bebcac306882968b64d8aa6bebf56

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
yggdrasil-debuginfo-0.4.8-4.el10_1.s390x.rpm SHA-256: 137b6d0a1dcc8329cb610ecf0329f41ce8f302a74508d8f5e3b8716cdf15efb2
yggdrasil-debugsource-0.4.8-4.el10_1.s390x.rpm SHA-256: b7a907c3cf82cbca551b9dc653b2b9a4a7669e79f0ce70fdd9d840d9bbe30e08
yggdrasil-devel-0.4.8-4.el10_1.s390x.rpm SHA-256: ffcf6db905c964bbd5d5091107c72809216ec5ac74c5e47f649114a05b6a1f32
yggdrasil-examples-debuginfo-0.4.8-4.el10_1.s390x.rpm SHA-256: f6243f81637203a528beabe0216299cb82bcbb2b2fe982fa96aa9abc61c3c876

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.