Red Hat Product Errata RHSA-2025:19856 - Security Advisory
Issued:
2025-11-06
Updated:
2025-11-06

RHSA-2025:19856 - Security Advisory

Synopsis

Important: Satellite 6.15.5.6 Async Update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Satellite 6.15 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

  • rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
  • rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
  • foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Satellite 6.15 x86_64
  • Red Hat Satellite Capsule 6.15 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

  • BZ - 2396020 - CVE-2025-10622 foreman: OS command injection via ct_location and fcct_location parameters
  • BZ - 2398167 - CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
  • BZ - 2403180 - CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

Red Hat Satellite 6.15

SRPM
foreman-3.9.1.13-1.el8sat.src.rpm SHA-256: 30d3b26e39406d6178d89dec20f485e799599a477d8c99b5cedf937bf7980076
rubygem-rack-2.2.20-1.el8sat.src.rpm SHA-256: 60ad3ec844b2bf69e9aeccd73961ed25b2ac796fd0d0838be283eec6ff2d66f4
satellite-6.15.5.6-1.el8sat.src.rpm SHA-256: 1271d557c30d74acb9f4e791b50b83177efaf9341301630cd37fee76908a3ae1
x86_64
foreman-3.9.1.13-1.el8sat.noarch.rpm SHA-256: c79ab3cb5a20e550b0d559a6d512398b6906c3015d43f620cce4f6405f27addd
foreman-cli-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 397b12c625c5bdb590c147fe530bf7d3cbc2300f1fde59d14fbba38e839865f8
foreman-debug-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 3f331ecd26df44ce25920780b5fd50824be7ec59e0a9ada4fe730f9650e648db
foreman-dynflow-sidekiq-3.9.1.13-1.el8sat.noarch.rpm SHA-256: d7e82dc9d646a1c70ebe388a5dc308970375e800022ae4c3a36ae91661c7e55e
foreman-ec2-3.9.1.13-1.el8sat.noarch.rpm SHA-256: c45f752dd09185370faa964b1d6ace7e0956830d9aa3310671e1662049365126
foreman-journald-3.9.1.13-1.el8sat.noarch.rpm SHA-256: ad64bab519b871be0eb29d918e492fe724d4a9598ffef54a5ed8bccf9a06e6fd
foreman-libvirt-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 2e7d52d62b0bc5cf1248cd53eccd08a494a0b04ae599e44cfeba58495ec0c532
foreman-openstack-3.9.1.13-1.el8sat.noarch.rpm SHA-256: f2c530f2e3f57b694bc66722065f30df66739ea8e79fe4f36745330552e35e5d
foreman-ovirt-3.9.1.13-1.el8sat.noarch.rpm SHA-256: ba3403a77f40d5a9eb6da4ac96d2d5317080d5bbcd02474ca9678e66b0e991ea
foreman-pcp-3.9.1.13-1.el8sat.noarch.rpm SHA-256: ea2e24fbc28f345a967e681171accaea6931e2404c6d77eebfd6c96e37a44d62
foreman-postgresql-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 3cfccc1ad64d869ccff15ed19381cee581b418aab93ecb4afdec9f6b4ebce6b2
foreman-redis-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 576adbd146a2eace94cea8e48ab5dea7238c35720281c372905d10086e4c13c9
foreman-service-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 5fda3639833c0a71df203a34f8ca79640b614b5fd27cc21e4e2796967886dc0f
foreman-telemetry-3.9.1.13-1.el8sat.noarch.rpm SHA-256: c74bc17703d81797b03df6f799fd8aab53d6fa99047965ffa4d22d4d3f68cc95
foreman-vmware-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 9302d0a2840e7e06d51eccfa8654cd8aa7879f1a13800e2a8c777eeb33142e49
rubygem-rack-2.2.20-1.el8sat.noarch.rpm SHA-256: 68ae53442c99ec2550962c7399a0007fdb5fd0bab88e6044623559465c3861c9
satellite-6.15.5.6-1.el8sat.noarch.rpm SHA-256: a20f1934d70a1a96c3599b9cc3f26a2cddf2510c11327dfe05726de9a3f53c2c
satellite-cli-6.15.5.6-1.el8sat.noarch.rpm SHA-256: 4ad14de74099d17e7f0e80d7f26afee28e75021869bacfc6d3ab0a9c8c13d719
satellite-common-6.15.5.6-1.el8sat.noarch.rpm SHA-256: a194d1e6a1da6789e5dbcc294c92a70486f940897fd13e30473271cd74e1051b

Red Hat Satellite Capsule 6.15

SRPM
foreman-3.9.1.13-1.el8sat.src.rpm SHA-256: 30d3b26e39406d6178d89dec20f485e799599a477d8c99b5cedf937bf7980076
rubygem-rack-2.2.20-1.el8sat.src.rpm SHA-256: 60ad3ec844b2bf69e9aeccd73961ed25b2ac796fd0d0838be283eec6ff2d66f4
satellite-6.15.5.6-1.el8sat.src.rpm SHA-256: 1271d557c30d74acb9f4e791b50b83177efaf9341301630cd37fee76908a3ae1
x86_64
foreman-debug-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 3f331ecd26df44ce25920780b5fd50824be7ec59e0a9ada4fe730f9650e648db
foreman-pcp-3.9.1.13-1.el8sat.noarch.rpm SHA-256: ea2e24fbc28f345a967e681171accaea6931e2404c6d77eebfd6c96e37a44d62
rubygem-rack-2.2.20-1.el8sat.noarch.rpm SHA-256: 68ae53442c99ec2550962c7399a0007fdb5fd0bab88e6044623559465c3861c9
satellite-capsule-6.15.5.6-1.el8sat.noarch.rpm SHA-256: ba9df8879c2e9ba1215093ad14c72671e4c2292b07fceed9c8f135dd9aff2ca2
satellite-common-6.15.5.6-1.el8sat.noarch.rpm SHA-256: a194d1e6a1da6789e5dbcc294c92a70486f940897fd13e30473271cd74e1051b

Red Hat Enterprise Linux for x86_64 8

SRPM
foreman-3.9.1.13-1.el8sat.src.rpm SHA-256: 30d3b26e39406d6178d89dec20f485e799599a477d8c99b5cedf937bf7980076
satellite-6.15.5.6-1.el8sat.src.rpm SHA-256: 1271d557c30d74acb9f4e791b50b83177efaf9341301630cd37fee76908a3ae1
x86_64
foreman-cli-3.9.1.13-1.el8sat.noarch.rpm SHA-256: 397b12c625c5bdb590c147fe530bf7d3cbc2300f1fde59d14fbba38e839865f8
satellite-cli-6.15.5.6-1.el8sat.noarch.rpm SHA-256: 4ad14de74099d17e7f0e80d7f26afee28e75021869bacfc6d3ab0a9c8c13d719

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.