{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Critical" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "A new satellite/iop-gateway-rhel9 container image is now generally available in the Red Hat container registry.", "title" : "Topic" }, { "category" : "general", "text" : "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:20442", "url" : "https://access.redhat.com/errata/RHSA-2026:20442" }, { "category" : "external", "summary" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index", "url" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-42945", "url" : "https://access.redhat.com/security/cve/CVE-2026-42945" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "external", "summary" : "https://catalog.redhat.com/software/containers/search", "url" : "https://catalog.redhat.com/software/containers/search" }, { "category" : "external", "summary" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite", "url" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite" }, { "category" : "external", "summary" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite", "url" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20442.json" } ], "title" : "Red Hat Security Advisory: General availability of the satellite/iop-gateway-rhel9 container image", "tracking" : { "current_release_date" : "2026-05-25T14:27:04+00:00", "generator" : { "date" : "2026-05-25T14:27:04+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.8.1" } }, "id" : "RHSA-2026:20442", "initial_release_date" : "2026-05-25T13:03:13+00:00", "revision_history" : [ { "date" : "2026-05-25T13:03:13+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-05-25T13:03:22+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-05-25T14:27:04+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Satellite 6.18", "product" : { "name" : "Red Hat Satellite 6.18", "product_id" : "Red Hat Satellite 6.18", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:satellite:6.18::el9" } } } ], "category" : "product_family", "name" : "Red Hat Satellite" }, { "branches" : [ { "category" : "product_version", "name" : "registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64", "product" : { "name" : "registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64", "product_id" : "registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64", "product_identification_helper" : { "purl" : "pkg:oci/iop-gateway-rhel9@sha256%3A8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64?arch=amd64&repository_url=registry.redhat.io/satellite&tag=1779706745" } } } ], "category" : "architecture", "name" : "amd64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64 as a component of Red Hat Satellite 6.18", "product_id" : "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64" }, "product_reference" : "registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64", "relates_to_product_reference" : "Red Hat Satellite 6.18" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-42945", "cwe" : { "id" : "CWE-131", "name" : "Incorrect Calculation of Buffer Size" }, "discovery_date" : "2026-05-13T16:04:29.017257+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2477116" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution if Address Space Layout Randomization (ASLR), a security technique to prevent exploitation, is disabled. Otherwise, this flaw causes a denial of service due to a restart of the NGINX worker process.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "nginx: NGINX: Arbitrary Code Execution Vulnerability", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Critical: This flaw in NGINX's ngx_http_rewrite_module can lead to arbitrary code execution due to a heap buffer overflow if Address Space Layout Randomization (ASLR) is disabled, or a denial of service otherwise. Exploitation requires specific, non-default NGINX rewrite configurations involving unnamed PCRE captures and a question mark in the replacement string.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-42945" }, { "category" : "external", "summary" : "RHBZ#2477116", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477116" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-42945", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-42945" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-42945", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-42945" }, { "category" : "external", "summary" : "https://depthfirst.com/nginx-rift", "url" : "https://depthfirst.com/nginx-rift" }, { "category" : "external", "summary" : "https://my.f5.com/manage/s/article/K000161019", "url" : "https://my.f5.com/manage/s/article/K000161019" } ], "release_date" : "2026-05-13T14:12:43.971000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-25T13:03:13+00:00", "details" : "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.", "product_ids" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:20442" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version" : "3.1" }, "products" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-gateway-rhel9@sha256:8337f2385786f2022f7828a28b0e85db5145ecf59eb401d251e6ca265b6c4e64_amd64" ] } ], "threats" : [ { "category" : "impact", "details" : "Critical" } ], "title" : "nginx: NGINX: Arbitrary Code Execution Vulnerability" } ] }