Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
RHSA-2026:34366
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2026:34366
Import Source
https://security.access.redhat.com/data/osv/RHSA-2026:34366.json
JSON Data
https://api.test.osv.dev/v1/vulns/RHSA-2026:34366
Upstream
CVE-2026-32282
CVE-2026-40192
CVE-2026-5135
CVE-2026-5136
CVE-2026-5138
CVE-2026-5142
Related
GO-2026-4864
Published
2026-07-02T10:17:42Z
Modified
2026-07-02T10:49:25.097471448Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
Red Hat Security Advisory: Satellite 6.17.9 Async Update
Details
References
https://access.redhat.com/errata/RHSA-2026:34366
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2452230
https://bugzilla.redhat.com/show_bug.cgi?id=2452970
https://bugzilla.redhat.com/show_bug.cgi?id=2452971
https://bugzilla.redhat.com/show_bug.cgi?id=2452999
https://bugzilla.redhat.com/show_bug.cgi?id=2456336
https://bugzilla.redhat.com/show_bug.cgi?id=2458856
https://issues.redhat.com/browse/SAT-44719
https://issues.redhat.com/browse/SAT-45923
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34366.json
https://access.redhat.com/security/cve/CVE-2026-5135
https://www.cve.org/CVERecord?id=CVE-2026-5135
https://nvd.nist.gov/vuln/detail/CVE-2026-5135
https://access.redhat.com/security/cve/CVE-2026-5136
https://www.cve.org/CVERecord?id=CVE-2026-5136
https://nvd.nist.gov/vuln/detail/CVE-2026-5136
https://access.redhat.com/security/cve/CVE-2026-5138
https://www.cve.org/CVERecord?id=CVE-2026-5138
https://nvd.nist.gov/vuln/detail/CVE-2026-5138
https://access.redhat.com/security/cve/CVE-2026-5142
https://www.cve.org/CVERecord?id=CVE-2026-5142
https://nvd.nist.gov/vuln/detail/CVE-2026-5142
https://access.redhat.com/security/cve/CVE-2026-32282
https://www.cve.org/CVERecord?id=CVE-2026-32282
https://nvd.nist.gov/vuln/detail/CVE-2026-32282
https://go.dev/cl/763761
https://go.dev/issue/78293
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
https://pkg.go.dev/vuln/GO-2026-4864
https://access.redhat.com/security/cve/CVE-2026-40192
https://www.cve.org/CVERecord?id=CVE-2026-40192
https://nvd.nist.gov/vuln/detail/CVE-2026-40192
https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628
https://github.com/python-pillow/Pillow/pull/9521
https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j
https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb
Affected packages
Red Hat:satellite:6.17::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-cli
Package
Name
foreman-cli
Purl
pkg:rpm/redhat/foreman-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-debug
Package
Name
foreman-debug
Purl
pkg:rpm/redhat/foreman-debug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-dynflow-sidekiq
Package
Name
foreman-dynflow-sidekiq
Purl
pkg:rpm/redhat/foreman-dynflow-sidekiq
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-ec2
Package
Name
foreman-ec2
Purl
pkg:rpm/redhat/foreman-ec2
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-journald
Package
Name
foreman-journald
Purl
pkg:rpm/redhat/foreman-journald
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-libvirt
Package
Name
foreman-libvirt
Purl
pkg:rpm/redhat/foreman-libvirt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-openstack
Package
Name
foreman-openstack
Purl
pkg:rpm/redhat/foreman-openstack
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-ovirt
Package
Name
foreman-ovirt
Purl
pkg:rpm/redhat/foreman-ovirt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-pcp
Package
Name
foreman-pcp
Purl
pkg:rpm/redhat/foreman-pcp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-postgresql
Package
Name
foreman-postgresql
Purl
pkg:rpm/redhat/foreman-postgresql
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-redis
Package
Name
foreman-redis
Purl
pkg:rpm/redhat/foreman-redis
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-service
Package
Name
foreman-service
Purl
pkg:rpm/redhat/foreman-service
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-telemetry
Package
Name
foreman-telemetry
Purl
pkg:rpm/redhat/foreman-telemetry
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-vmware
Package
Name
foreman-vmware
Purl
pkg:rpm/redhat/foreman-vmware
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
dynflow-utils
Package
Name
dynflow-utils
Purl
pkg:rpm/redhat/dynflow-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.6.3-1.1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
yggdrasil-worker-forwarder
Package
Name
yggdrasil-worker-forwarder
Purl
pkg:rpm/redhat/yggdrasil-worker-forwarder
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.0.3-5.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python-pillow
Package
Name
python-pillow
Purl
pkg:rpm/redhat/python-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python-pillow-debugsource
Package
Name
python-pillow-debugsource
Purl
pkg:rpm/redhat/python-pillow-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python3.11-pillow
Package
Name
python3.11-pillow
Purl
pkg:rpm/redhat/python3.11-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python3.11-pillow-debuginfo
Package
Name
python3.11-pillow-debuginfo
Purl
pkg:rpm/redhat/python3.11-pillow-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
Red Hat:satellite_capsule:6.17::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-debug
Package
Name
foreman-debug
Purl
pkg:rpm/redhat/foreman-debug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-pcp
Package
Name
foreman-pcp
Purl
pkg:rpm/redhat/foreman-pcp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
dynflow-utils
Package
Name
dynflow-utils
Purl
pkg:rpm/redhat/dynflow-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.6.3-1.1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python-pillow
Package
Name
python-pillow
Purl
pkg:rpm/redhat/python-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python-pillow-debugsource
Package
Name
python-pillow-debugsource
Purl
pkg:rpm/redhat/python-pillow-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python3.11-pillow
Package
Name
python3.11-pillow
Purl
pkg:rpm/redhat/python3.11-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
python3.11-pillow-debuginfo
Package
Name
python3.11-pillow-debuginfo
Purl
pkg:rpm/redhat/python3.11-pillow-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:12.2.0-1.el9pc
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
Red Hat:satellite_utils:6.17::el9
foreman
Package
Name
foreman
Purl
pkg:rpm/redhat/foreman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
foreman-cli
Package
Name
foreman-cli
Purl
pkg:rpm/redhat/foreman-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.14.0.17-1.el9sat
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:34366.json"
RHSA-2026:34366 - OSV