Red Hat Product Errata
RHSA-2026:14874 - Security Advisory

Issued: 2026-05-07
Updated: 2026-05-07

Synopsis

Important: Satellite 6.16.8 Async Update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

* python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image (CVE-2026-25990)
* candlepin: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)
* python-markdown: denial of service via malformed HTML-like sequences (CVE-2025-69534)
* python-pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)
* rubygem-activesupport: Active Support: Denial of Service via large scientific notation strings (CVE-2026-33176)

Bug Fix(es):

* Satellite manifest consumer profile cert and key found in satellite client rhsm cache (SAT-43030)
* All communication should happen only over https during global registration execution (SAT-44031)
* Impossible to generate registration command via REST API in isolated networks managed by external capsules (SAT-44032)
* Executing the 'katello::clean_backend_objects' rake task takes a long time to complete (SAT-44033)
* Puppet fact parser can't create OS entry blocking Satellite leapp upgrades (SAT-44035)
* No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method (SAT-44036)
* Proxy password shown in clear text in the Overview page of Virt-who Configuration (SAT-43834)
* Non-admin users on Satellite with viewer role, unable to see the hostgroup. (SAT-44034)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_satellite/6.16/html/updating_red_hat_satellite/index

Affected Products

* Red Hat Satellite 6.16 for RHEL 9 x86_64
* Red Hat Satellite 6.16 for RHEL 8 x86_64
* Red Hat Satellite Capsule 6.16 for RHEL 9 x86_64
* Red Hat Satellite Capsule 6.16 for RHEL 8 x86_64
* Red Hat Enterprise Linux for x86_64 9 x86_64
* Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

* BZ - 2439170 - CVE-2026-25990 pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
* BZ - 2442671 - CVE-2026-27727 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
* BZ - 2444839 - CVE-2025-69534 python-markdown: denial of service via malformed HTML-like sequences
* BZ - 2448503 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow
* BZ - 2450551 - CVE-2026-33176 Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
* SAT-43834 - Proxy password shown in clear text in the Overview page of Virt-who Configuration [satellite_6.16]
* SAT-44030 - Satellite manifest consumer profile cert and key found in satellite client rhsm cache [satellite_6.16]
* SAT-44031 - All communication should happen only over https during global registration execution [satellite_6.16]
* SAT-44032 - Impossible to generate registration command via REST API in isolated networks managed by external capsules [satellite_6.16]
* SAT-44033 - Executing the 'katello::clean_backend_objects' rake task takes a long time to complete [satellite_6.16]
* SAT-44034 - Non-admin users on Satellite with viewer role, unable to see the hostgroup [satellite_6.16]
* SAT-44035 - Puppet fact parser can't create OS entry blocking Satellite leapp upgrades [satellite_6.16]
* SAT-44036 - No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method [satellite_6.16]

CVEs

* CVE-2025-69534
* CVE-2026-25990
* CVE-2026-27459
* CVE-2026-27727
* CVE-2026-33176

References

* https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This important security update for Red Hat Satellite 6.16 addresses multiple vulnerabilities, including out-of-bounds writes in python-pillow via crafted PSD images, arbitrary code execution in candlepin via JNDI dereferencing, and denial-of-service flaws in python-markdown and rubygem-activesupport. The update is rated Important by Red Hat Product Security, with specific CVSS scores available per CVE in the References section. Affected systems are Red Hat Satellite 6.16 for RHEL 8 and RHEL 9, and the fix is provided in the Satellite 6.16.8 Async Update.