Red Hat Product Errata
RHSA-2026:14873 - Security Advisory

Issued: 2026-05-07
Updated: 2026-05-07

Synopsis

Important: Satellite 6.17.8 Async Update

Type/Severity

Security Advisory: Important

Topic

A new release is now available for Red Hat Satellite 6.17 for RHEL 9.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

- python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image (CVE-2026-25990)
- candlepin: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)
- python-markdown: denial of service via malformed HTML-like sequences (CVE-2025-69534)
- python-pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)
- rubygem-activesupport: Active Support: Denial of Service via large scientific notation strings (CVE-2026-33176)

Bug Fix(es):

- Satellite manifest consumer profile cert and key found in satellite client rhsm cache (SAT-43920)
- All communication should happen only over https during global registration execution (SAT-43921)
- Impossible to generate registration command via REST API in isolated networks managed by external capsules (SAT-43922)
- Errata applicability and Refresh applicability tasks for RHEL 7 hosts runs dnf command. (SAT-43923)
- BIOS info is not populated in All hosts page and in Host Details tab (SAT-43925)
- Executing the 'katello::clean_backend_objects' rake task takes a long time to complete (SAT-43926)
- Puppet fact parser can't create OS entry blocking Satellite leapp upgrades (SAT-43928)
- No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method (SAT-43929)
- Proxy password shown in clear text in the Overview page of Virt-who Configuration (SAT-43931)
- Non-admin users on Satellite with viewer role, unable to see the hostgroup. (SAT-44039)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_satellite/6.17/html/updating_red_hat_satellite/index

Affected Products

- Red Hat Satellite 6.17 x86_64
- Red Hat Satellite Capsule 6.17 x86_64
- Red Hat Enterprise Linux for x86_64 9 x86_64

Fixes

- BZ - 2439170 - CVE-2026-25990 pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
- BZ - 2442671 - CVE-2026-27727 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
- BZ - 2444839 - CVE-2025-69534 python-markdown: denial of service via malformed HTML-like sequences
- BZ - 2448503 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow
- BZ - 2450551 - CVE-2026-33176 Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
- SAT-43920 - Satellite manifest consumer profile cert and key found in satellite client rhsm cache [rhn_satellite_6.17]
- SAT-43921 - All communication should happen only over https during global registration execution [rhn_satellite_6.17]
- SAT-43922 - Impossible to generate registration command via REST API in isolated networks managed by external capsules [rhn_satellite_6.17]
- SAT-43923 - Errata applicability and Refresh applicability tasks for RHEL 7 hosts runs dnf command. [rhn_satellite_6.17]
- SAT-43925 - BIOS info is not populated in All hosts page and in Host Details tab [rhn_satellite_6.17]
- SAT-43926 - Executing the 'katello::clean_backend_objects' rake task takes a long time to complete [rhn_satellite_6.17]
- SAT-43928 - Puppet fact parser can't create OS entry blocking Satellite leapp upgrades [rhn_satellite_6.17]
- SAT-43929 - No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method [rhn_satellite_6.17]
- SAT-43931 - Proxy password shown in clear text in the Overview page of Virt-who Configuration [rhn_satellite_6.17]
- SAT-44039 - Non-admin users on Satellite with viewer role, unable to see the hostgroup. [rhn_satellite_6.17]

CVEs

- CVE-2025-69534
- CVE-2026-25990
- CVE-2026-27459
- CVE-2026-27727
- CVE-2026-33176

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This important security update for Red Hat Satellite 6.17 addresses multiple vulnerabilities, including an out-of-bounds write in python-pillow via crafted PSD images, arbitrary code execution in candlepin via JNDI dereferencing, and denial-of-service flaws in python-markdown and rubygem-activesupport. The advisory applies to Red Hat Satellite 6.17 and Capsule 6.17 on RHEL 9 x86_64, and the fix is provided in the Satellite 6.17.8 Async Update. Administrators should apply this update after ensuring all previous errata are installed, following the documented update procedures.