Red Hat Product Errata RHSA-2026:5146 - Security Advisory
Issued:
2026-03-19
Updated:
2026-03-19

RHSA-2026:5146 - Security Advisory

Synopsis

Important: yggdrasil security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for yggdrasil is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker.

Security Fix(es):

  • crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls

Red Hat Enterprise Linux for x86_64 10

SRPM
yggdrasil-0.4.8-3.el10_1.src.rpm SHA-256: 854d33241ccc70752e2a4bf598957182efb167a7ad1bcfc10ed26f5030ee796c
x86_64
yggdrasil-0.4.8-3.el10_1.x86_64.rpm SHA-256: 05d7879d72108e3b905a1f50b450efc123606c652676cc495ea77d5fca60f8db
yggdrasil-debuginfo-0.4.8-3.el10_1.x86_64.rpm SHA-256: 9d4c2d37016dc97fc1523eef3065742fc3883691c02916a6b9f4cfd8b35ab9e9
yggdrasil-debugsource-0.4.8-3.el10_1.x86_64.rpm SHA-256: ccb0b7cd808aaf9c9a8c5d24c8f84cd10f1a15689c47ccc4c03adc28212be03d
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.x86_64.rpm SHA-256: 4b7f7b564f5fb0d6dcfc351152978f2989d4ba3e453a9fc7240d79c4235f46da

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
yggdrasil-0.4.8-3.el10_1.src.rpm SHA-256: 854d33241ccc70752e2a4bf598957182efb167a7ad1bcfc10ed26f5030ee796c
s390x
yggdrasil-0.4.8-3.el10_1.s390x.rpm SHA-256: 34c0d1b3906d835f1860780fdb3f3eab937ccb893fb681300a7058664dd4b3e1
yggdrasil-debuginfo-0.4.8-3.el10_1.s390x.rpm SHA-256: a44af8c9a6983f0ba458f6060e17464812c78d8ca9b0bee3d8c2f647e03db9f6
yggdrasil-debugsource-0.4.8-3.el10_1.s390x.rpm SHA-256: 86daf8b1a653257f32ce4970d113f93198a4ae393f56200de6a9d0826b9b90cc
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.s390x.rpm SHA-256: 43862ed175284fb3e7e962ebdb775a621f1fbe9dc14be4d4974f7ce1b47bb1fb

Red Hat Enterprise Linux for Power, little endian 10

SRPM
yggdrasil-0.4.8-3.el10_1.src.rpm SHA-256: 854d33241ccc70752e2a4bf598957182efb167a7ad1bcfc10ed26f5030ee796c
ppc64le
yggdrasil-0.4.8-3.el10_1.ppc64le.rpm SHA-256: 9431015b458a3985aad51b6484ef42a4c40364a53cee1d876c8aa4858bd0be2a
yggdrasil-debuginfo-0.4.8-3.el10_1.ppc64le.rpm SHA-256: b029027f6480508bec1fdcdd460b691ac4c18eedccae59e001eff48926127bf5
yggdrasil-debugsource-0.4.8-3.el10_1.ppc64le.rpm SHA-256: 902df6fa00becb122161792f596452bafbfa2b1712d6d012bde0034484bf3611
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.ppc64le.rpm SHA-256: a30a398f67df9394b84e5b1b53ead7be1cfcfe8d2bfc3b5365ec3f6a9e0d05a4

Red Hat Enterprise Linux for ARM 64 10

SRPM
yggdrasil-0.4.8-3.el10_1.src.rpm SHA-256: 854d33241ccc70752e2a4bf598957182efb167a7ad1bcfc10ed26f5030ee796c
aarch64
yggdrasil-0.4.8-3.el10_1.aarch64.rpm SHA-256: d49721eeaf8262d023c3a3e0b71dcd60e3a084482cb61b7f4813b83b706129b9
yggdrasil-debuginfo-0.4.8-3.el10_1.aarch64.rpm SHA-256: 664de1bc4e7445f70b26b595e502ed6c0082cb0246aaeb9b5bb9f0bd848875e7
yggdrasil-debugsource-0.4.8-3.el10_1.aarch64.rpm SHA-256: 5a79fdd43517b52101db74a173c5dbe5b12087da55480277c35509760dab4771
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.aarch64.rpm SHA-256: 49e336fb3f7462ceedd7a01a7d09fb188fee05c550e75d6c212b04c5160565d2

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
yggdrasil-debuginfo-0.4.8-3.el10_1.x86_64.rpm SHA-256: 9d4c2d37016dc97fc1523eef3065742fc3883691c02916a6b9f4cfd8b35ab9e9
yggdrasil-debugsource-0.4.8-3.el10_1.x86_64.rpm SHA-256: ccb0b7cd808aaf9c9a8c5d24c8f84cd10f1a15689c47ccc4c03adc28212be03d
yggdrasil-devel-0.4.8-3.el10_1.x86_64.rpm SHA-256: 7e8dd1676484f704c5482e821b76ad1dab879981b88b720da9ef9ea29b6683f2
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.x86_64.rpm SHA-256: 4b7f7b564f5fb0d6dcfc351152978f2989d4ba3e453a9fc7240d79c4235f46da

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
yggdrasil-debuginfo-0.4.8-3.el10_1.ppc64le.rpm SHA-256: b029027f6480508bec1fdcdd460b691ac4c18eedccae59e001eff48926127bf5
yggdrasil-debugsource-0.4.8-3.el10_1.ppc64le.rpm SHA-256: 902df6fa00becb122161792f596452bafbfa2b1712d6d012bde0034484bf3611
yggdrasil-devel-0.4.8-3.el10_1.ppc64le.rpm SHA-256: 4366ffca23dc659f85385428f79f4309a1ad4217d72efedaab970c8c391729ae
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.ppc64le.rpm SHA-256: a30a398f67df9394b84e5b1b53ead7be1cfcfe8d2bfc3b5365ec3f6a9e0d05a4

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
yggdrasil-debuginfo-0.4.8-3.el10_1.aarch64.rpm SHA-256: 664de1bc4e7445f70b26b595e502ed6c0082cb0246aaeb9b5bb9f0bd848875e7
yggdrasil-debugsource-0.4.8-3.el10_1.aarch64.rpm SHA-256: 5a79fdd43517b52101db74a173c5dbe5b12087da55480277c35509760dab4771
yggdrasil-devel-0.4.8-3.el10_1.aarch64.rpm SHA-256: 7c15dc0b47623768735ae6f5a5dd6119e5366be5c6e1e40fd83226223a426402
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.aarch64.rpm SHA-256: 49e336fb3f7462ceedd7a01a7d09fb188fee05c550e75d6c212b04c5160565d2

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
yggdrasil-debuginfo-0.4.8-3.el10_1.s390x.rpm SHA-256: a44af8c9a6983f0ba458f6060e17464812c78d8ca9b0bee3d8c2f647e03db9f6
yggdrasil-debugsource-0.4.8-3.el10_1.s390x.rpm SHA-256: 86daf8b1a653257f32ce4970d113f93198a4ae393f56200de6a9d0826b9b90cc
yggdrasil-devel-0.4.8-3.el10_1.s390x.rpm SHA-256: 6c9a3667bd1bfa6a70f880b6cd08d4e812ff3df76db668b7d37929ca9b7becf6
yggdrasil-examples-debuginfo-0.4.8-3.el10_1.s390x.rpm SHA-256: 43862ed175284fb3e7e962ebdb775a621f1fbe9dc14be4d4974f7ce1b47bb1fb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.