Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
红帽产品勘误 RHSA-2025:17614 - Security Advisory
发布:
2025-10-08
已更新:
2025-10-08

RHSA-2025:17614 - Security Advisory

  • 概述
  • 更新的软件包

概述

Important: Satellite 6.15.5.5 Async Update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update is now available for Red Hat Satellite 6.15 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

描述

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

  • python-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)
  • cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings (CVE-2025-57052)
  • puppet-agent: REXML ReDoS vulnerability (CVE-2024-49761)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

解决方案

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Satellite 6.15 x86_64
  • Red Hat Satellite Capsule 6.15 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64

修复

  • BZ - 2392894 - CVE-2025-57052 cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings
  • BZ - 2392990 - CVE-2025-57833 django: Django SQL injection in FilteredRelation column aliases
  • BZ - 2398216 - CVE-2025-10990 rexml: incomplete fix for CVE-2024-49761

CVE

  • CVE-2024-49761
  • CVE-2025-57052
  • CVE-2025-57833

参考

  • https://access.redhat.com/security/updates/classification/#important
注:: 可能有这些软件包的更新版本。 点击软件包名称查看详情。

Red Hat Satellite 6.15

SRPM
cjson-1.7.18-2.el8sat.src.rpm SHA-256: c86c4ebdc738d230d1dd8ba015b151c950d048582e930967a6f3dc7699a6d6c0
puppet-agent-7.34.0-4.el8sat.src.rpm SHA-256: 1022411a820f9877fce3a60ca7e121d42384629a5f2d065e061dcfc3e9ed2635
python-django-4.2.24-0.1.el8pc.src.rpm SHA-256: 2b7115ff4fea72a1cd73b7ad036efdecf5ec4ed01b50daa9dc0f4570c6fdc117
satellite-6.15.5.5-1.el8sat.src.rpm SHA-256: 27deeb5c36ebe54653d870d11377a8af6a0891721984b9fd608693b5505e7303
x86_64
cjson-1.7.18-2.el8sat.x86_64.rpm SHA-256: 4a74d5db2d1ecdcd4b05b92a5fc1872d5fe0ce867ecda6e67f58a8eb76c597fe
cjson-debuginfo-1.7.18-2.el8sat.x86_64.rpm SHA-256: 1c396b49b344778074a81fc3854aaeee9696b3d8fa9510a2570f29af3306ea1f
cjson-debugsource-1.7.18-2.el8sat.x86_64.rpm SHA-256: db593e21461ea4aec945579a7018272da6c30c40306d3604f10f36c047ef3b3c
puppet-agent-7.34.0-4.el8sat.x86_64.rpm SHA-256: b6a6000c04cafb439f0b56c0fff2fff3ef5854f56da2dc14d3baf9b42b383d86
python3.11-django-4.2.24-0.1.el8pc.noarch.rpm SHA-256: 86b3f34d38d6335d999c66d729f09548c3feaa07e4a2f57dd7dcf47a4a218793
satellite-6.15.5.5-1.el8sat.noarch.rpm SHA-256: e779b6587ef42421755f7ce9f4d0b6c57a4f4c014439728ce9c3dbd9f706e542
satellite-cli-6.15.5.5-1.el8sat.noarch.rpm SHA-256: c5134e6c1181d8013e791609dfa601b62f7c325344caaac65c064c56a989582a
satellite-common-6.15.5.5-1.el8sat.noarch.rpm SHA-256: abe899285c15230a4634ef88ddb997b1812fbe3a9b9ae18e6bf2fc64f2628b2e

Red Hat Satellite Capsule 6.15

SRPM
cjson-1.7.18-2.el8sat.src.rpm SHA-256: c86c4ebdc738d230d1dd8ba015b151c950d048582e930967a6f3dc7699a6d6c0
puppet-agent-7.34.0-4.el8sat.src.rpm SHA-256: 1022411a820f9877fce3a60ca7e121d42384629a5f2d065e061dcfc3e9ed2635
python-django-4.2.24-0.1.el8pc.src.rpm SHA-256: 2b7115ff4fea72a1cd73b7ad036efdecf5ec4ed01b50daa9dc0f4570c6fdc117
satellite-6.15.5.5-1.el8sat.src.rpm SHA-256: 27deeb5c36ebe54653d870d11377a8af6a0891721984b9fd608693b5505e7303
x86_64
cjson-1.7.18-2.el8sat.x86_64.rpm SHA-256: 4a74d5db2d1ecdcd4b05b92a5fc1872d5fe0ce867ecda6e67f58a8eb76c597fe
cjson-debuginfo-1.7.18-2.el8sat.x86_64.rpm SHA-256: 1c396b49b344778074a81fc3854aaeee9696b3d8fa9510a2570f29af3306ea1f
cjson-debugsource-1.7.18-2.el8sat.x86_64.rpm SHA-256: db593e21461ea4aec945579a7018272da6c30c40306d3604f10f36c047ef3b3c
puppet-agent-7.34.0-4.el8sat.x86_64.rpm SHA-256: b6a6000c04cafb439f0b56c0fff2fff3ef5854f56da2dc14d3baf9b42b383d86
python3.11-django-4.2.24-0.1.el8pc.noarch.rpm SHA-256: 86b3f34d38d6335d999c66d729f09548c3feaa07e4a2f57dd7dcf47a4a218793
satellite-capsule-6.15.5.5-1.el8sat.noarch.rpm SHA-256: d916e6d6ea75e869f971fc6f3560ad545867aaf20bf04918030239dc68dbd5bf
satellite-common-6.15.5.5-1.el8sat.noarch.rpm SHA-256: abe899285c15230a4634ef88ddb997b1812fbe3a9b9ae18e6bf2fc64f2628b2e

Red Hat Enterprise Linux for x86_64 8

SRPM
satellite-6.15.5.5-1.el8sat.src.rpm SHA-256: 27deeb5c36ebe54653d870d11377a8af6a0891721984b9fd608693b5505e7303
x86_64
satellite-cli-6.15.5.5-1.el8sat.noarch.rpm SHA-256: c5134e6c1181d8013e791609dfa601b62f7c325344caaac65c064c56a989582a

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility