Red Hat Product Errata RHSA-2026:3506 - Security Advisory
Issued:
2026-03-02
Updated:
2026-03-02

RHSA-2026:3506 - Security Advisory

Synopsis

Important: yggdrasil security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for yggdrasil is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker.

Security Fix(es):

  • crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
x86_64
yggdrasil-0.4.7-2.el10_0.x86_64.rpm SHA-256: 82d67321530adef9d161b9f0a54b42746e14e79a58e7f056ed65371913607a5d
yggdrasil-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 0e7a020485d0d3ae609bf7bb230e71a38da478c62536e203222aeabd29866dbe
yggdrasil-debugsource-0.4.7-2.el10_0.x86_64.rpm SHA-256: e45d14695e792b300a940066a4a55da87203b7c7357ec0132bac5e7d7fe1f920
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 1d60c592b38ccc067e23c23d932b1a9d74817a2e777f9b2845a36eb75ee11fad

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
s390x
yggdrasil-0.4.7-2.el10_0.s390x.rpm SHA-256: 9f3de931f0eae76694d4b228911c10f4ff7a3edb48452cfd090ef75a2c8a3263
yggdrasil-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 531530cba6098a5a8361fb0d99623949a95b9fcdb75a8ac723f1652ad11752ff
yggdrasil-debugsource-0.4.7-2.el10_0.s390x.rpm SHA-256: e3ccc03ec97d1cb392a1c44a2839b8f6420f00eae691a3f93dea784b47e139a6
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 546acbe63683716b5d8f1036989da2cfd4f71b5ce12e0afba1df1097a632c5d5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
ppc64le
yggdrasil-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 881e98a6ba5f41d69d4ea7ec7784b19c5de64e424d583910735d3289268eeb25
yggdrasil-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 32cf0224784a980bc1746ef83cf4968e76fd9b87696bae2d6a8ded591170092f
yggdrasil-debugsource-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 5f8c302dec601d6d11e6b8d205e307189fcc59b0518bfefdf970c7a552166f74
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 3bd8b0a94a4021088c0bde0589c4e3f52083622eaa755345a57de7f810737755

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
aarch64
yggdrasil-0.4.7-2.el10_0.aarch64.rpm SHA-256: 26e70a4ebf4f842ff19a5fd20717872fec801fdaeeb3070753484a26607bf3b9
yggdrasil-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 6e3496c051337300fa8ff9e3b8ecdd5213abbf657a4bcf89f0d87035a338e705
yggdrasil-debugsource-0.4.7-2.el10_0.aarch64.rpm SHA-256: 5c6f1c1d2e8c6a8f8d475fdea2b7b936d97c5dc865b237bb2e1711aeba8f0fb6
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 8bc8de818668c3753375c8c36746282e2c0f607d9092a5478e592c70d5d75a29

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
yggdrasil-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 0e7a020485d0d3ae609bf7bb230e71a38da478c62536e203222aeabd29866dbe
yggdrasil-debugsource-0.4.7-2.el10_0.x86_64.rpm SHA-256: e45d14695e792b300a940066a4a55da87203b7c7357ec0132bac5e7d7fe1f920
yggdrasil-devel-0.4.7-2.el10_0.x86_64.rpm SHA-256: ac6f44d2b92ae5f3645be9223c59a98c2e99094b25b294c5ceb434580d771a02
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 1d60c592b38ccc067e23c23d932b1a9d74817a2e777f9b2845a36eb75ee11fad

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
yggdrasil-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 32cf0224784a980bc1746ef83cf4968e76fd9b87696bae2d6a8ded591170092f
yggdrasil-debugsource-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 5f8c302dec601d6d11e6b8d205e307189fcc59b0518bfefdf970c7a552166f74
yggdrasil-devel-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 76d9f8845c9db502f879fc5cc1bc3635bf65d5496ac94bdd6f276f5fe6b964ff
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 3bd8b0a94a4021088c0bde0589c4e3f52083622eaa755345a57de7f810737755

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
yggdrasil-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 531530cba6098a5a8361fb0d99623949a95b9fcdb75a8ac723f1652ad11752ff
yggdrasil-debugsource-0.4.7-2.el10_0.s390x.rpm SHA-256: e3ccc03ec97d1cb392a1c44a2839b8f6420f00eae691a3f93dea784b47e139a6
yggdrasil-devel-0.4.7-2.el10_0.s390x.rpm SHA-256: c25c4b5a5be463ef800b9bfa639dfb9fa132710b4ec7ce450a14365e896907e8
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 546acbe63683716b5d8f1036989da2cfd4f71b5ce12e0afba1df1097a632c5d5

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
yggdrasil-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 6e3496c051337300fa8ff9e3b8ecdd5213abbf657a4bcf89f0d87035a338e705
yggdrasil-debugsource-0.4.7-2.el10_0.aarch64.rpm SHA-256: 5c6f1c1d2e8c6a8f8d475fdea2b7b936d97c5dc865b237bb2e1711aeba8f0fb6
yggdrasil-devel-0.4.7-2.el10_0.aarch64.rpm SHA-256: f194c47e2bdcc6df098abeea735876df75643f1b6c1dbb9d5c0f1eb9f12497a5
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 8bc8de818668c3753375c8c36746282e2c0f607d9092a5478e592c70d5d75a29

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
aarch64
yggdrasil-0.4.7-2.el10_0.aarch64.rpm SHA-256: 26e70a4ebf4f842ff19a5fd20717872fec801fdaeeb3070753484a26607bf3b9
yggdrasil-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 6e3496c051337300fa8ff9e3b8ecdd5213abbf657a4bcf89f0d87035a338e705
yggdrasil-debugsource-0.4.7-2.el10_0.aarch64.rpm SHA-256: 5c6f1c1d2e8c6a8f8d475fdea2b7b936d97c5dc865b237bb2e1711aeba8f0fb6
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.aarch64.rpm SHA-256: 8bc8de818668c3753375c8c36746282e2c0f607d9092a5478e592c70d5d75a29

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
s390x
yggdrasil-0.4.7-2.el10_0.s390x.rpm SHA-256: 9f3de931f0eae76694d4b228911c10f4ff7a3edb48452cfd090ef75a2c8a3263
yggdrasil-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 531530cba6098a5a8361fb0d99623949a95b9fcdb75a8ac723f1652ad11752ff
yggdrasil-debugsource-0.4.7-2.el10_0.s390x.rpm SHA-256: e3ccc03ec97d1cb392a1c44a2839b8f6420f00eae691a3f93dea784b47e139a6
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.s390x.rpm SHA-256: 546acbe63683716b5d8f1036989da2cfd4f71b5ce12e0afba1df1097a632c5d5

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
ppc64le
yggdrasil-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 881e98a6ba5f41d69d4ea7ec7784b19c5de64e424d583910735d3289268eeb25
yggdrasil-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 32cf0224784a980bc1746ef83cf4968e76fd9b87696bae2d6a8ded591170092f
yggdrasil-debugsource-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 5f8c302dec601d6d11e6b8d205e307189fcc59b0518bfefdf970c7a552166f74
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.ppc64le.rpm SHA-256: 3bd8b0a94a4021088c0bde0589c4e3f52083622eaa755345a57de7f810737755

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
yggdrasil-0.4.7-2.el10_0.src.rpm SHA-256: a41e49ec54813ac03e34c636083fe16c6a83d6b76934ea4ada0fd2d4435d99cc
x86_64
yggdrasil-0.4.7-2.el10_0.x86_64.rpm SHA-256: 82d67321530adef9d161b9f0a54b42746e14e79a58e7f056ed65371913607a5d
yggdrasil-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 0e7a020485d0d3ae609bf7bb230e71a38da478c62536e203222aeabd29866dbe
yggdrasil-debugsource-0.4.7-2.el10_0.x86_64.rpm SHA-256: e45d14695e792b300a940066a4a55da87203b7c7357ec0132bac5e7d7fe1f920
yggdrasil-examples-debuginfo-0.4.7-2.el10_0.x86_64.rpm SHA-256: 1d60c592b38ccc067e23c23d932b1a9d74817a2e777f9b2845a36eb75ee11fad

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.