{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Moderate" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "A new satellite/iop-yuptoo-rhel9 container image is now generally available in the Red Hat container registry.", "title" : "Topic" }, { "category" : "general", "text" : "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:26215", "url" : "https://access.redhat.com/errata/RHSA-2026:26215" }, { "category" : "external", "summary" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index", "url" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-44431", "url" : "https://access.redhat.com/security/cve/CVE-2026-44431" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "external", "summary" : "https://catalog.redhat.com/software/containers/search", "url" : "https://catalog.redhat.com/software/containers/search" }, { "category" : "external", "summary" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite", "url" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite" }, { "category" : "external", "summary" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite", "url" : "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26215.json" } ], "title" : "Red Hat Security Advisory: General availability of the satellite/iop-yuptoo-rhel9 container image", "tracking" : { "current_release_date" : "2026-06-18T20:02:22+00:00", "generator" : { "date" : "2026-06-18T20:02:22+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "5.0.0" } }, "id" : "RHSA-2026:26215", "initial_release_date" : "2026-06-16T08:53:03+00:00", "revision_history" : [ { "date" : "2026-06-16T08:53:03+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-06-16T08:53:09+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-06-18T20:02:22+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Satellite 6.18", "product" : { "name" : "Red Hat Satellite 6.18", "product_id" : "Red Hat Satellite 6.18", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:satellite:6.18::el9" } } } ], "category" : "product_family", "name" : "Red Hat Satellite" }, { "branches" : [ { "category" : "product_version", "name" : "registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64", "product" : { "name" : "registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64", "product_id" : "registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64", "product_identification_helper" : { "purl" : "pkg:oci/iop-yuptoo-rhel9@sha256%3Aa10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2?arch=amd64&repository_url=registry.redhat.io/satellite/iop-yuptoo-rhel9&tag=1779792968" } } } ], "category" : "architecture", "name" : "amd64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64 as a component of Red Hat Satellite 6.18", "product_id" : "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64" }, "product_reference" : "registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64", "relates_to_product_reference" : "Red Hat Satellite 6.18" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-44431", "cwe" : { "id" : "CWE-201", "name" : "Insertion of Sensitive Information Into Sent Data" }, "discovery_date" : "2026-05-13T17:01:41.663622+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2477167" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers", "title" : "Vulnerability summary" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-44431" }, { "category" : "external", "summary" : "RHBZ#2477167", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477167" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-44431", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-44431" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-44431", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-44431" }, { "category" : "external", "summary" : "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc", "url" : "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc" } ], "release_date" : "2026-05-13T15:20:24.588000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-06-16T08:53:03+00:00", "details" : "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.", "product_ids" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:26215" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version" : "3.1" }, "products" : [ "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-yuptoo-rhel9@sha256:a10aae6084eba65f810db9b409ab9344243e2e39b44138330b72b9f13187d8b2_amd64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers" } ] }