RHEL 9: Satellite 6.17.0 (Important) (RHSA-2025:4576)

medium Nessus Plugin ID 235426

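Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Multiple packages installed on the remote Red Hat Enterprise Linux 9 host are affected by multiple vulnerabilities referenced in the RHSA-2025:4576 advisory.

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without having to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fixes:
* python-django: potential denial-of-service vulnerability in IPv6 validation (CVE-2024-56374)
* python-jinja2: sandbox breakout through indirect reference to format method (CVE-2024-56326)
* rubygem-rack: local file inclusion in Rack::Static (CVE-2025-27610)
* rubygem-graphql: remote code execution vulnerability when loading a crafted GraphQL schema (CVE-2025-27407)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also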

https://access.redhat.com/security/updates/classification/#important

http://www.nessus.org/u?393acc71

https://access.redhat.com/errata/RHSA-2025:4576

Plugin Details

Severity: Medium

ID: 235426

File Name: redhat-RHSA-2025-4576.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2025/5/7

Updated: 2025/6/5

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2025-27610

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-27407

CVSS v4

Risk Factor: Medium

Base Score: 5.4

Threat Score: 2

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-56326

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:python3.11-django, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:python3.11-jinja2, p-cpe:/a:redhat:enterprise_linux:rubygem-graphql, p-cpe:/a:redhat:enterprise_linux:python-jinja2, p-cpe:/a:redhat:enterprise_linux:rubygem-rack

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2025/5/6

Vulnerability Publication Date: 2024/12/23

Reference Information

CVE: CVE-2024-56326, CVE-2024-56374, CVE-2025-27407, CVE-2025-27610

CWE: 23, 693, 770, 94

RHSA: 2025:4576