Issued:: 2025-04-08
Updated:: 2025-04-08

RHSA-2025:3709 - Security Advisory

Overview
Updated Images

Synopsis

Important: updated discovery container images

Type/Severity

Security Advisory: Important

Topic

Updated container images are now available for Discovery 1.13.1.

Description

The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

This release resolves the following CVEs:

discovery-server-container: HTTP Request Smuggling in benoitc/gunicorn (CVE-2025-26699)
discovery-server-container: Potential denial-of-service vulnerability in django.utils.text.wrap() (CVE-2024-6827)

Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Discovery 1 x86_64

Fixes

DISCOVERY-924 - release discovery-server 1.13.1

CVEs

References

https://access.redhat.com/security/updates/classification/#important

aarch64

discovery/discovery-server-rhel9@sha256:eac30bac86efad29e5ad517261e35ec7561e5130abd1059ab20499bd5fd7214b

x86_64

discovery/discovery-server-rhel9@sha256:bc8019b85528333553abb25efa98a3f7c983de4eb93c890ce88232cee2297c8d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation