Issued:: 2025-08-07
Updated:: 2025-08-07

RHSA-2025:13269 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Satellite 6.17.3 Async Update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A new release is now available for Red Hat Satellite 6.17 for RHEL 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

puppetserver: REXML ReDoS vulnerability (CVE-2024-49761)
puppet-agent: REXML ReDoS vulnerability (CVE-2024-49761)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.17/html/updating_red_hat_satellite/index

Affected Products

Red Hat Satellite 6.17 x86_64
Red Hat Satellite Capsule 6.17 x86_64
Red Hat Enterprise Linux for x86_64 9 x86_64

Fixes

BZ - 2322153 - CVE-2024-49761 rexml: REXML ReDoS vulnerability
SAT-35573 - Satellite 6.17 upgrade fails with ERROR: duplicate key value violates unique constraint "index_katello_installed_packages_on_nvrea"
SAT-35575 - Unable to find images in Azure image galleries
SAT-35576 - pulpcore core_progressreport table gets out of sync with core_task table with no easy/recommended way to clean it up
SAT-35577 - FIPS compliant Satellite 6.15 using chacha20-poly1305@opnessh.com cipher during image provisioning
SAT-35579 - VMware compute profile - uninitialized constant Fog::Vsphere::Compute::ResourcePool
SAT-35580 - hammer command with csv option generates few fields in json format
SAT-35581 - ERROR: nextval: reached maximum value of sequence "katello_erratum_packages_id_seq" during concurrent repository sync plan executions
SAT-35582 - Cloudinit default generates invalid yaml output when realm feature is in use
SAT-35583 - Incremental CCV updates all CV versions
SAT-35584 - Select one errata in the host collection and click on 'Install Selected via remote execution ? customize first' install all available errata for the host collection
SAT-35586 - The "Leapp preupgrade report" tab on job invocations UI page disappears
SAT-35587 - Error when trying to set any subscription attributes for virt-who-* hosts.
SAT-35718 - rh_cloud uses http proxy with iop-advisor-engine
SAT-36341 - Post 6.17 upgrade satellite is affected with high CPU usage and Actions::Katello::Applicability::Hosts::BulkGenerate tasks getting stuck
SAT-36426 - foreman-rake rh_cloud:hybridcloud_register task is broken

CVEs

CVE-2024-49761

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite 6.17

SRPM
foreman-3.14.0.6-1.el9sat.src.rpm	SHA-256: b3a4578ae08bc1603614cffd5388e67b8d675d7858c0ffc80ce2c8060c08d781
puppet-agent-8.8.1-2.el9sat.src.rpm	SHA-256: 13a519f70d7e582ac3be44905a95ea51ccbfe87db18dd4594a241c0d4139ab6b
puppetserver-8.6.2-3.el9sat.src.rpm	SHA-256: 9185fc7c0ed86b2da5a4443debe053211e07102311ae10f615064040c356b0b9
python-cryptography-45.0.3-0.1.el9pc.src.rpm	SHA-256: e05200d8ad2151e5171562079a859712136bf971d518250cea47f8261cd34c2b
python-pulpcore-3.63.21-1.el9pc.src.rpm	SHA-256: 975d905c8b512e20b4cda247f2dca810e0cb81772b8ce618db3e12c6d6ce267e
python-pyOpenSSL-25.1.0-0.2.el9pc.src.rpm	SHA-256: 1947883a7782469a8d85a9651ee81961e717c4b97230043c012ec52431456f89
python-typing-extensions-4.12.2-1.el9pc.src.rpm	SHA-256: ec103418a77f039376b9cb0b66a322e7a93205868801e26cdf9e7f771ed83a7c
rubygem-foreman_azure_rm-3.0.4-0.1.el9sat.src.rpm	SHA-256: 4eb50fb60780363da2fc5815a4dcac6b850757827a1dd1843840993ff3b756a2
rubygem-foreman_leapp-2.0.5-0.1.el9sat.src.rpm	SHA-256: 0f1b4a19864a0554dd5d9121661760cfb58222bd538a589bc210f700cb99c71e
rubygem-foreman_rh_cloud-11.4.3-1.el9sat.src.rpm	SHA-256: 58d06aa9d98d40cc9983889961ccf55a2805e5c0b1a8b482609cd0eed1fd9599
rubygem-hammer_cli_katello-1.16.1.3-1.el9sat.src.rpm	SHA-256: 99d1d9715d355cbdb3bebc7bc05fb8b510bb0976c27cb3b4d24347c3d1d8f961
rubygem-katello-4.16.0.8-1.el9sat.src.rpm	SHA-256: dd5949a918e1e9d681be54609126eaffdc10c929c6e61d0dd1f1815f37284175
satellite-6.17.3-1.el9sat.src.rpm	SHA-256: 365491de2486f475eddd759c235f2a3852c9d4f49348ad47071daa69f8c565e5
x86_64
foreman-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: a23e6de2f8b79a8968cb65648ad386f76281da4a8df2f9039f7f5913f9f9f5f3
foreman-cli-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: bd7f6039d44225ab1991226329d7efa4c96ba15368e79b68c61b4bb26d9f3aea
foreman-debug-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 2febf23c4414d47a9159b9e437f3542fd4a3d253f3b5e0ed389115fcf41528e4
foreman-dynflow-sidekiq-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: cefbfd42c8005baf2d7f928a687976ead0a9b2c7af223d9299fa8559c5260772
foreman-ec2-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 35b243d53977e5fad7d886782d62b77282ab5777b39b800a62c431ed892bccef
foreman-journald-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 6c6eaffd0354572cc0b204eefcb09ff6b67744d8464dfbd35f06f0715f9d377b
foreman-libvirt-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 0b4461dd21d6f0409d60560649e443f7e0bcb8cbafc3b1ab1bbb26000008b261
foreman-openstack-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 816f9e0ba465a8d625e5b6f7a4e8b798408df8bab47c146e3bcb3bcc5caf389d
foreman-ovirt-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 41a9f59e0c8a84903c62e254567bbf053cbcdad5967ee01854416a1f62f11a67
foreman-pcp-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 99efd9c691a3075594d4f3a5593810a7fdc3fb3b555fda735f1cde542e7f2377
foreman-postgresql-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: a53e5e0ddf3c1d0255b9b80bd8046ecfcfe766f9c0625de2421077f7deb45c3b
foreman-redis-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 1935d9959d08b083580088270d71f553f07cc3a2f2052233f79c766bb98ccde7
foreman-service-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 5b0f297b18e3acc871c19081f94b632686dfdd68059d83f852fe373cbbfa05a8
foreman-telemetry-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: af3af9b793fccd0c613b2ffec82c73609919fd4f6d514aaa048d05de684bab98
foreman-vmware-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: ade3fa5f81ad15b0120f7090c11fe70850ec161a5ae434f6d62b46026477f97a
puppet-agent-8.8.1-2.el9sat.x86_64.rpm	SHA-256: bbbf44e150009794729f7cedf5801a203b60acd52eb383572ec0adf0448776f4
puppetserver-8.6.2-3.el9sat.noarch.rpm	SHA-256: 2ee98faf642cfdce45be44262c17fc7e8ffb79bea808b76d943744ab7abb393b
python3.11-cryptography-45.0.3-0.1.el9pc.x86_64.rpm	SHA-256: 06db0870d0c5c4df9f812e433ef16ce11c2ef3b8172acc2fdad653cdc9850eda
python3.11-pulpcore-3.63.21-1.el9pc.noarch.rpm	SHA-256: 03930e72071000956e65b841d65dcf45680b2c49660ec2886deea819306dbdbc
python3.11-pyOpenSSL-25.1.0-0.2.el9pc.noarch.rpm	SHA-256: ddd317649b215f1642f9a3c26690030e82580682c8c099206dd58c571ee24b2d
python3.11-typing-extensions-4.12.2-1.el9pc.noarch.rpm	SHA-256: 91e65415a4b1d86c2fab3bf69f858e8601fa1d7f029d1eb57e5664a6dab20c58
rubygem-foreman_azure_rm-3.0.4-0.1.el9sat.noarch.rpm	SHA-256: cd729a22ebd21b88d58414fb7bf71b3439fb7fa730f448e8cf9114c7a5e33088
rubygem-foreman_leapp-2.0.5-0.1.el9sat.noarch.rpm	SHA-256: cfca488d91294fc9bd05649b9b8715ccb6b50c181270860038cc8ca84e9aee1b
rubygem-foreman_rh_cloud-11.4.3-1.el9sat.noarch.rpm	SHA-256: 9b55e22ff13ed65e80eec5b09e7a1e025daba20b9a34590be10b9aa7a3934152
rubygem-hammer_cli_katello-1.16.1.3-1.el9sat.noarch.rpm	SHA-256: 98753a957038ffcdeec535dcb6f5edb5e4bcec35c2186c656f4ced637a264fee
rubygem-katello-4.16.0.8-1.el9sat.noarch.rpm	SHA-256: ee87042b9f41724554d4573e7d6054b8f283f7a5739f84703a341861d3678342
satellite-6.17.3-1.el9sat.noarch.rpm	SHA-256: ce3387fe8cd9303ac8de6395b85ec408d7700e51c28d4114fb3390f82868455d
satellite-cli-6.17.3-1.el9sat.noarch.rpm	SHA-256: 111d96eaa747db5ea5625f39fa64367cfcb99cf7b722ae09f042ba9f2510701b
satellite-common-6.17.3-1.el9sat.noarch.rpm	SHA-256: 42bcceab869b763fa432c4f3e9ee0bfaf17b2e11f954c43b4ad326f267563aaf
satellite-obsolete-packages-6.17.3-1.el9sat.noarch.rpm	SHA-256: 2d7d9d242d6a6340acd8a7c34c59cc20adc41c8385b74eec9b08e1acf88d3d96

Red Hat Satellite Capsule 6.17

SRPM
foreman-3.14.0.6-1.el9sat.src.rpm	SHA-256: b3a4578ae08bc1603614cffd5388e67b8d675d7858c0ffc80ce2c8060c08d781
puppet-agent-8.8.1-2.el9sat.src.rpm	SHA-256: 13a519f70d7e582ac3be44905a95ea51ccbfe87db18dd4594a241c0d4139ab6b
puppetserver-8.6.2-3.el9sat.src.rpm	SHA-256: 9185fc7c0ed86b2da5a4443debe053211e07102311ae10f615064040c356b0b9
python-cryptography-45.0.3-0.1.el9pc.src.rpm	SHA-256: e05200d8ad2151e5171562079a859712136bf971d518250cea47f8261cd34c2b
python-pulpcore-3.63.21-1.el9pc.src.rpm	SHA-256: 975d905c8b512e20b4cda247f2dca810e0cb81772b8ce618db3e12c6d6ce267e
python-pyOpenSSL-25.1.0-0.2.el9pc.src.rpm	SHA-256: 1947883a7782469a8d85a9651ee81961e717c4b97230043c012ec52431456f89
python-typing-extensions-4.12.2-1.el9pc.src.rpm	SHA-256: ec103418a77f039376b9cb0b66a322e7a93205868801e26cdf9e7f771ed83a7c
satellite-6.17.3-1.el9sat.src.rpm	SHA-256: 365491de2486f475eddd759c235f2a3852c9d4f49348ad47071daa69f8c565e5
x86_64
foreman-debug-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 2febf23c4414d47a9159b9e437f3542fd4a3d253f3b5e0ed389115fcf41528e4
foreman-pcp-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: 99efd9c691a3075594d4f3a5593810a7fdc3fb3b555fda735f1cde542e7f2377
puppet-agent-8.8.1-2.el9sat.x86_64.rpm	SHA-256: bbbf44e150009794729f7cedf5801a203b60acd52eb383572ec0adf0448776f4
puppetserver-8.6.2-3.el9sat.noarch.rpm	SHA-256: 2ee98faf642cfdce45be44262c17fc7e8ffb79bea808b76d943744ab7abb393b
python3.11-cryptography-45.0.3-0.1.el9pc.x86_64.rpm	SHA-256: 06db0870d0c5c4df9f812e433ef16ce11c2ef3b8172acc2fdad653cdc9850eda
python3.11-pulpcore-3.63.21-1.el9pc.noarch.rpm	SHA-256: 03930e72071000956e65b841d65dcf45680b2c49660ec2886deea819306dbdbc
python3.11-pyOpenSSL-25.1.0-0.2.el9pc.noarch.rpm	SHA-256: ddd317649b215f1642f9a3c26690030e82580682c8c099206dd58c571ee24b2d
python3.11-typing-extensions-4.12.2-1.el9pc.noarch.rpm	SHA-256: 91e65415a4b1d86c2fab3bf69f858e8601fa1d7f029d1eb57e5664a6dab20c58
satellite-capsule-6.17.3-1.el9sat.noarch.rpm	SHA-256: baa30c00e9605ba4a827e189c5fc3e06f3036c37fa25f79b24db72b6bca2dc7d
satellite-common-6.17.3-1.el9sat.noarch.rpm	SHA-256: 42bcceab869b763fa432c4f3e9ee0bfaf17b2e11f954c43b4ad326f267563aaf
satellite-obsolete-packages-6.17.3-1.el9sat.noarch.rpm	SHA-256: 2d7d9d242d6a6340acd8a7c34c59cc20adc41c8385b74eec9b08e1acf88d3d96

Red Hat Enterprise Linux for x86_64 9

SRPM
foreman-3.14.0.6-1.el9sat.src.rpm	SHA-256: b3a4578ae08bc1603614cffd5388e67b8d675d7858c0ffc80ce2c8060c08d781
rubygem-hammer_cli_katello-1.16.1.3-1.el9sat.src.rpm	SHA-256: 99d1d9715d355cbdb3bebc7bc05fb8b510bb0976c27cb3b4d24347c3d1d8f961
satellite-6.17.3-1.el9sat.src.rpm	SHA-256: 365491de2486f475eddd759c235f2a3852c9d4f49348ad47071daa69f8c565e5
x86_64
foreman-cli-3.14.0.6-1.el9sat.noarch.rpm	SHA-256: bd7f6039d44225ab1991226329d7efa4c96ba15368e79b68c61b4bb26d9f3aea
rubygem-hammer_cli_katello-1.16.1.3-1.el9sat.noarch.rpm	SHA-256: 98753a957038ffcdeec535dcb6f5edb5e4bcec35c2186c656f4ced637a264fee
satellite-cli-6.17.3-1.el9sat.noarch.rpm	SHA-256: 111d96eaa747db5ea5625f39fa64367cfcb99cf7b722ae09f042ba9f2510701b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation