Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
RHSA-2026:34365
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2026:34365
Import Source
https://security.access.redhat.com/data/osv/RHSA-2026:34365.json
JSON Data
https://api.test.osv.dev/v1/vulns/RHSA-2026:34365
Upstream
CVE-2026-25679
CVE-2026-27727
CVE-2026-32280
CVE-2026-32281
CVE-2026-32282
CVE-2026-32283
CVE-2026-33810
CVE-2026-40192
CVE-2026-48526
CVE-2026-5135
CVE-2026-5136
CVE-2026-5138
CVE-2026-5142
Related
GO-2026-4601
GO-2026-4864
GO-2026-4866
GO-2026-4870
GO-2026-4946
GO-2026-4947
Published
2026-07-02T10:17:42Z
Modified
2026-07-02T10:49:21.029727114Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
CVSS Calculator
Summary
Red Hat Security Advisory: Satellite 6.19.2 Async Update
Details
References
https://access.redhat.com/errata/RHSA-2026:34365
https://access.redhat.com/security/updates/classification/#important
https://issues.redhat.com/browse/SAT-46096
https://issues.redhat.com/browse/SAT-46097
https://issues.redhat.com/browse/SAT-46098
https://issues.redhat.com/browse/SAT-46101
https://issues.redhat.com/browse/SAT-46102
https://issues.redhat.com/browse/SAT-46103
https://issues.redhat.com/browse/SAT-46106
https://issues.redhat.com/browse/SAT-46107
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34365.json
https://access.redhat.com/security/cve/CVE-2026-5135
https://bugzilla.redhat.com/show_bug.cgi?id=2452230
https://www.cve.org/CVERecord?id=CVE-2026-5135
https://nvd.nist.gov/vuln/detail/CVE-2026-5135
https://access.redhat.com/security/cve/CVE-2026-5136
https://bugzilla.redhat.com/show_bug.cgi?id=2452970
https://www.cve.org/CVERecord?id=CVE-2026-5136
https://nvd.nist.gov/vuln/detail/CVE-2026-5136
https://access.redhat.com/security/cve/CVE-2026-5138
https://bugzilla.redhat.com/show_bug.cgi?id=2452971
https://www.cve.org/CVERecord?id=CVE-2026-5138
https://nvd.nist.gov/vuln/detail/CVE-2026-5138
https://access.redhat.com/security/cve/CVE-2026-5142
https://bugzilla.redhat.com/show_bug.cgi?id=2452999
https://www.cve.org/CVERecord?id=CVE-2026-5142
https://nvd.nist.gov/vuln/detail/CVE-2026-5142
https://access.redhat.com/security/cve/CVE-2026-25679
https://bugzilla.redhat.com/show_bug.cgi?id=2445356
https://www.cve.org/CVERecord?id=CVE-2026-25679
https://nvd.nist.gov/vuln/detail/CVE-2026-25679
https://go.dev/cl/752180
https://go.dev/issue/77578
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4601
https://access.redhat.com/security/cve/CVE-2026-27727
https://bugzilla.redhat.com/show_bug.cgi?id=2442671
https://www.cve.org/CVERecord?id=CVE-2026-27727
https://nvd.nist.gov/vuln/detail/CVE-2026-27727
https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44
https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal
https://www.mchange.com/projects/c3p0/#configuring_security
https://www.mchange.com/projects/c3p0/#security-note
https://access.redhat.com/security/cve/CVE-2026-32280
https://bugzilla.redhat.com/show_bug.cgi?id=2456339
https://www.cve.org/CVERecord?id=CVE-2026-32280
https://nvd.nist.gov/vuln/detail/CVE-2026-32280
https://go.dev/cl/758320
https://go.dev/issue/78282
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
https://pkg.go.dev/vuln/GO-2026-4947
https://access.redhat.com/security/cve/CVE-2026-32281
https://bugzilla.redhat.com/show_bug.cgi?id=2456333
https://www.cve.org/CVERecord?id=CVE-2026-32281
https://nvd.nist.gov/vuln/detail/CVE-2026-32281
https://go.dev/cl/758061
https://go.dev/issue/78281
https://pkg.go.dev/vuln/GO-2026-4946
https://access.redhat.com/security/cve/CVE-2026-32282
https://bugzilla.redhat.com/show_bug.cgi?id=2456336
https://www.cve.org/CVERecord?id=CVE-2026-32282
https://nvd.nist.gov/vuln/detail/CVE-2026-32282
https://go.dev/cl/763761
https://go.dev/issue/78293
https://pkg.go.dev/vuln/GO-2026-4864
https://access.redhat.com/security/cve/CVE-2026-32283
https://bugzilla.redhat.com/show_bug.cgi?id=2456338
https://www.cve.org/CVERecord?id=CVE-2026-32283
https://nvd.nist.gov/vuln/detail/CVE-2026-32283
https://go.dev/cl/763767
https://go.dev/issue/78334
https://pkg.go.dev/vuln/GO-2026-4870
https://access.redhat.com/security/cve/CVE-2026-33810
https://bugzilla.redhat.com/show_bug.cgi?id=2456335
https://www.cve.org/CVERecord?id=CVE-2026-33810
https://nvd.nist.gov/vuln/detail/CVE-2026-33810
https://go.dev/cl/763763
https://go.dev/issue/78332
https://pkg.go.dev/vuln/GO-2026-4866
https://access.redhat.com/security/cve/CVE-2026-40192
https://bugzilla.redhat.com/show_bug.cgi?id=2458856
https://www.cve.org/CVERecord?id=CVE-2026-40192
https://nvd.nist.gov/vuln/detail/CVE-2026-40192
https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628
https://github.com/python-pillow/Pillow/pull/9521
https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j
https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb
https://access.redhat.com/security/cve/CVE-2026-48526
https://bugzilla.redhat.com/show_bug.cgi?id=2482734
https://www.cve.org/CVERecord?id=CVE-2026-48526
https://nvd.nist.gov/vuln/detail/CVE-2026-48526
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx
Affected packages
Red Hat:satellite:6.19::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-cli
Package
Name
foreman-cli
Purl
pkg:rpm/redhat/foreman-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-debug
Package
Name
foreman-debug
Purl
pkg:rpm/redhat/foreman-debug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-dynflow-sidekiq
Package
Name
foreman-dynflow-sidekiq
Purl
pkg:rpm/redhat/foreman-dynflow-sidekiq
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-ec2
Package
Name
foreman-ec2
Purl
pkg:rpm/redhat/foreman-ec2
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-journald
Package
Name
foreman-journald
Purl
pkg:rpm/redhat/foreman-journald
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-libvirt
Package
Name
foreman-libvirt
Purl
pkg:rpm/redhat/foreman-libvirt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-openstack
Package
Name
foreman-openstack
Purl
pkg:rpm/redhat/foreman-openstack
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-pcp
Package
Name
foreman-pcp
Purl
pkg:rpm/redhat/foreman-pcp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-postgresql
Package
Name
foreman-postgresql
Purl
pkg:rpm/redhat/foreman-postgresql
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-redis
Package
Name
foreman-redis
Purl
pkg:rpm/redhat/foreman-redis
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-service
Package
Name
foreman-service
Purl
pkg:rpm/redhat/foreman-service
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-telemetry
Package
Name
foreman-telemetry
Purl
pkg:rpm/redhat/foreman-telemetry
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-vmware
Package
Name
foreman-vmware
Purl
pkg:rpm/redhat/foreman-vmware
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
yggdrasil-worker-forwarder
Package
Name
yggdrasil-worker-forwarder
Purl
pkg:rpm/redhat/yggdrasil-worker-forwarder
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.0.3-5.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
candlepin
Package
Name
candlepin
Purl
pkg:rpm/redhat/candlepin
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.7.5-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
candlepin-selinux
Package
Name
candlepin-selinux
Purl
pkg:rpm/redhat/candlepin-selinux
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.7.5-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow
Package
Name
python3.12-pillow
Purl
pkg:rpm/redhat/python3.12-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow-debuginfo
Package
Name
python3.12-pillow-debuginfo
Purl
pkg:rpm/redhat/python3.12-pillow-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow-debugsource
Package
Name
python3.12-pillow-debugsource
Purl
pkg:rpm/redhat/python3.12-pillow-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pyjwt+crypto
Package
Name
python3.12-pyjwt+crypto
Purl
pkg:rpm/redhat/python3.12-pyjwt%2Bcrypto
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.13.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pyjwt
Package
Name
python3.12-pyjwt
Purl
pkg:rpm/redhat/python3.12-pyjwt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.13.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
Red Hat:satellite_capsule:6.19::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-debug
Package
Name
foreman-debug
Purl
pkg:rpm/redhat/foreman-debug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-pcp
Package
Name
foreman-pcp
Purl
pkg:rpm/redhat/foreman-pcp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow
Package
Name
python3.12-pillow
Purl
pkg:rpm/redhat/python3.12-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow-debuginfo
Package
Name
python3.12-pillow-debuginfo
Purl
pkg:rpm/redhat/python3.12-pillow-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pillow-debugsource
Package
Name
python3.12-pillow-debugsource
Purl
pkg:rpm/redhat/python3.12-pillow-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pyjwt+crypto
Package
Name
python3.12-pyjwt+crypto
Purl
pkg:rpm/redhat/python3.12-pyjwt%2Bcrypto
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.13.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
python3.12-pyjwt
Package
Name
python3.12-pyjwt
Purl
pkg:rpm/redhat/python3.12-pyjwt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.13.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
Red Hat:satellite_utils:6.19::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
foreman-cli
Package
Name
foreman-cli
Purl
pkg:rpm/redhat/foreman-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.18.0.7-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34365.json"
RHSA-2026:34365 - OSV