[ALSA-2026:5145] Important: yggdrasil-worker-package-manager security update
Type:
security
Severity:
important
Release date:
2026-03-20
Description:
yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions. Security Fix(es): * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 yggdrasil-worker-package-manager-0.2.3-4.el10_1.aarch64.rpm ccab5806eb8b80710b45c8f30c35684b206defce4247c5eab3b475deda49db6d
ppc64le yggdrasil-worker-package-manager-0.2.3-4.el10_1.ppc64le.rpm b32adc480b9e588d03edee6d07a497903fa7e7c04300ba6162ffb9b2a892a32d
s390x yggdrasil-worker-package-manager-0.2.3-4.el10_1.s390x.rpm fe709cd8b7bafbdbf0f5db82f74d5d89d012b2f73287c08842d63e94333b4620
x86_64 yggdrasil-worker-package-manager-0.2.3-4.el10_1.x86_64.rpm f269abb2b1945970117c31ac86e92c9057c57dc39f26be78ebd60d429e298ad3
x86_64_v2 yggdrasil-worker-package-manager-0.2.3-4.el10_1.x86_64_v2.rpm bfb56642cdaf9946937e19b1009dbcd739d6369f33175cb7c190ead27c24382d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.