{"id":"RHSA-2025:13269","summary":"Red Hat Security Advisory: Satellite 6.17.3 Async Update","modified":"2026-03-21T10:11:22Z","published":"2025-08-08T10:04:26Z","upstream":["CVE-2024-49761"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:13269"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_satellite/6.17/html/updating_red_hat_satellite/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2322153"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35573"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35575"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35576"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35577"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35579"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35580"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35581"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35582"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35583"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35584"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35586"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35587"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-35718"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-36341"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/SAT-36426"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13269.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-49761"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-49761"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49761"},{"type":"ARTICLE","url":"https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f"},{"type":"ARTICLE","url":"https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761"}],"affected":[{"package":{"name":"puppet-agent","ecosystem":"Red Hat:satellite_capsule:6.17::el9","purl":"pkg:rpm/redhat/puppet-agent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.8.1-2.el9sat"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:13269.json"}},{"package":{"name":"puppetserver","ecosystem":"Red Hat:satellite_capsule:6.17::el9","purl":"pkg:rpm/redhat/puppetserver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.2-3.el9sat"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:13269.json"}},{"package":{"name":"puppet-agent","ecosystem":"Red Hat:satellite:6.17::el9","purl":"pkg:rpm/redhat/puppet-agent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.8.1-2.el9sat"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:13269.json"}},{"package":{"name":"puppetserver","ecosystem":"Red Hat:satellite:6.17::el9","purl":"pkg:rpm/redhat/puppetserver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.2-3.el9sat"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:13269.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}