RHSA-2026:28385HighCVSS 8.0
Red Hat Security Advisory: Satellite 6.18.6 Async Update
🔗 CVE IDs covered (3)
📋 Description
CVE-2026-25990 — pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image CVE-2026-27830 — c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:28385
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2439170
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2442908
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456336
- externalhttps://issues.redhat.com/browse/SAT-45570
- externalhttps://issues.redhat.com/browse/SAT-45571
- externalhttps://issues.redhat.com/browse/SAT-45836
- externalhttps://issues.redhat.com/browse/SAT-45883
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28385.json