Red Hat Product Errata RHSA-2025:9838 - Security Advisory
Issued:
2025-06-26
Updated:
2025-06-26

RHSA-2025:9838 - Security Advisory

Synopsis

Moderate: Satellite 6.15.5.3 Async Update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Satellite 6.15 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

  • cjson: segmentation violation in function cJSON_InsertItemInArray (CVE-2023-50471)
  • cjson: segmentation violation in function cJSON_SetValuestring (CVE-2023-50472)
  • cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c (CVE-2024-31755)
  • rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)
  • python-sqlparse: sqlparse: parsing heavily nested list leads to denial of service (CVE-2024-4340)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index

Affected Products

  • Red Hat Satellite 6.15 x86_64
  • Red Hat Satellite Capsule 6.15 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

  • BZ - 2254641 - CVE-2023-50471 cjson: segmentation violation in function cJSON_InsertItemInArray
  • BZ - 2254643 - CVE-2023-50472 cjson: segmentation violation in function cJSON_SetValuestring
  • BZ - 2277268 - CVE-2024-31755 cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c
  • BZ - 2278038 - CVE-2024-4340 sqlparse: parsing heavily nested list leads to denial of service
  • BZ - 2364966 - CVE-2025-46727 rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

Red Hat Satellite 6.15

SRPM
cjson-1.7.18-1.el8sat.src.rpm SHA-256: fc3a7bb13992ad1c088ac4438ff9ddf2e9a8a81c3e57fe117809e050cf030f92
python-sqlparse-0.5.0-1.el8pc.src.rpm SHA-256: 89f16842e5579c55021e46a486639dec88349e36b848d34ea8ca8c4723c63532
rubygem-foreman_rh_cloud-9.0.61-1.el8sat.src.rpm SHA-256: ac6b9b85b8548a7884776ea842d79d14abc6c2cebfe9d74273a654393f74d3dd
rubygem-rack-2.2.14-1.el8sat.src.rpm SHA-256: 3b1c2486b65191d5c2abde6e3326772dd9df1bd109801445047c72960748143c
satellite-6.15.5.3-1.el8sat.src.rpm SHA-256: 067755e16b4e12425d41b33a3d0c51ecab4d60b189a4a433b8fec46525044082
x86_64
cjson-1.7.18-1.el8sat.x86_64.rpm SHA-256: 95e5aba1bc1e05e3ccc00fdaf68058060b96cc29ea55e914e0c2d59354c384c4
cjson-debuginfo-1.7.18-1.el8sat.x86_64.rpm SHA-256: 993b77a3a9020ba9569bfe1bd19bbd9b25975382a689df55f41c358d95daa385
cjson-debugsource-1.7.18-1.el8sat.x86_64.rpm SHA-256: 56d5f295e545bcfc46b8e8047aa0c19720dd84d2c6452fd2716032dd09fe65ac
python3.11-sqlparse-0.5.0-1.el8pc.noarch.rpm SHA-256: 0c2d3160cd74f37c1d9b4073cfe929e3b5489cac8ae7ff383a8332f9be689aa5
rubygem-foreman_rh_cloud-9.0.61-1.el8sat.noarch.rpm SHA-256: 8602d4c30a0e5c7f24c5f5ca8523af4aa0689d273310b2e043c29626bfb3e33a
rubygem-rack-2.2.14-1.el8sat.noarch.rpm SHA-256: 71d67b7def81d1f551af25673e36007945c042945cb940d8792a11b892cd2db4
satellite-6.15.5.3-1.el8sat.noarch.rpm SHA-256: 212f557312ec512f949b13cc67673e7eb38256c05aab3a6b00c555090cf89ce6
satellite-cli-6.15.5.3-1.el8sat.noarch.rpm SHA-256: f954fd6105f68cb85ffa3e7584c77e15bdb98fc33b877877cd4d9202d9bbc0e9
satellite-common-6.15.5.3-1.el8sat.noarch.rpm SHA-256: bf7b07e09e5b15b5fb50ec9ce6422b8a122a4d7e3c619bb6beabec0f939f81e5

Red Hat Satellite Capsule 6.15

SRPM
cjson-1.7.18-1.el8sat.src.rpm SHA-256: fc3a7bb13992ad1c088ac4438ff9ddf2e9a8a81c3e57fe117809e050cf030f92
python-sqlparse-0.5.0-1.el8pc.src.rpm SHA-256: 89f16842e5579c55021e46a486639dec88349e36b848d34ea8ca8c4723c63532
rubygem-rack-2.2.14-1.el8sat.src.rpm SHA-256: 3b1c2486b65191d5c2abde6e3326772dd9df1bd109801445047c72960748143c
satellite-6.15.5.3-1.el8sat.src.rpm SHA-256: 067755e16b4e12425d41b33a3d0c51ecab4d60b189a4a433b8fec46525044082
x86_64
cjson-1.7.18-1.el8sat.x86_64.rpm SHA-256: 95e5aba1bc1e05e3ccc00fdaf68058060b96cc29ea55e914e0c2d59354c384c4
cjson-debuginfo-1.7.18-1.el8sat.x86_64.rpm SHA-256: 993b77a3a9020ba9569bfe1bd19bbd9b25975382a689df55f41c358d95daa385
cjson-debugsource-1.7.18-1.el8sat.x86_64.rpm SHA-256: 56d5f295e545bcfc46b8e8047aa0c19720dd84d2c6452fd2716032dd09fe65ac
python3.11-sqlparse-0.5.0-1.el8pc.noarch.rpm SHA-256: 0c2d3160cd74f37c1d9b4073cfe929e3b5489cac8ae7ff383a8332f9be689aa5
rubygem-rack-2.2.14-1.el8sat.noarch.rpm SHA-256: 71d67b7def81d1f551af25673e36007945c042945cb940d8792a11b892cd2db4
satellite-capsule-6.15.5.3-1.el8sat.noarch.rpm SHA-256: f91a29dfba636f39db51b23483f7418610245e91583e1f6195e40aebb28b85c6
satellite-common-6.15.5.3-1.el8sat.noarch.rpm SHA-256: bf7b07e09e5b15b5fb50ec9ce6422b8a122a4d7e3c619bb6beabec0f939f81e5

Red Hat Enterprise Linux for x86_64 8

SRPM
satellite-6.15.5.3-1.el8sat.src.rpm SHA-256: 067755e16b4e12425d41b33a3d0c51ecab4d60b189a4a433b8fec46525044082
x86_64
satellite-cli-6.15.5.3-1.el8sat.noarch.rpm SHA-256: f954fd6105f68cb85ffa3e7584c77e15bdb98fc33b877877cd4d9202d9bbc0e9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.