Red Hat Security Advisory: Satellite 6.16.6.1 Async Update
Red Hat Satellite 6. 16. 6. 1 for RHEL 8 and 9 includes security fixes addressing vulnerabilities in the python-urllib3 library. These vulnerabilities involve unbounded decompression chains leading to resource exhaustion, bypass of decompression-bomb safeguards when following HTTP redirects, and improper handling of highly compressed data in the streaming API. Users are advised to upgrade to the updated packages to remediate these issues. The advisory rates the security impact as Important (high severity).
AI Analysis
Technical Summary
This advisory covers multiple security vulnerabilities in the python-urllib3 library used by Red Hat Satellite 6.16.6.1. The issues include CVE-2025-66418, which allows unbounded decompression chains causing resource exhaustion; CVE-2026-21441, which enables bypassing decompression-bomb safeguards during HTTP redirects in the streaming API; and CVE-2025-66471, where the streaming API improperly handles highly compressed data. These vulnerabilities could lead to denial of service conditions due to resource exhaustion. The update fixes these vulnerabilities by providing patched urllib3 packages. The advisory applies to Red Hat Satellite 6.16 for RHEL 8 and 9 and related Capsule products.
Potential Impact
The vulnerabilities can cause resource exhaustion through unbounded decompression chains or bypass of decompression-bomb protections, potentially leading to denial of service in affected Red Hat Satellite environments. No known exploits in the wild have been reported. The impact is rated as Important by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated packages for Red Hat Satellite 6.16.6.1 that address these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata are installed. Detailed update instructions are available from Red Hat's official documentation. No additional mitigations are specified beyond applying the official patches.
Red Hat Security Advisory: Satellite 6.16.6.1 Async Update
Description
Red Hat Satellite 6. 16. 6. 1 for RHEL 8 and 9 includes security fixes addressing vulnerabilities in the python-urllib3 library. These vulnerabilities involve unbounded decompression chains leading to resource exhaustion, bypass of decompression-bomb safeguards when following HTTP redirects, and improper handling of highly compressed data in the streaming API. Users are advised to upgrade to the updated packages to remediate these issues. The advisory rates the security impact as Important (high severity).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers multiple security vulnerabilities in the python-urllib3 library used by Red Hat Satellite 6.16.6.1. The issues include CVE-2025-66418, which allows unbounded decompression chains causing resource exhaustion; CVE-2026-21441, which enables bypassing decompression-bomb safeguards during HTTP redirects in the streaming API; and CVE-2025-66471, where the streaming API improperly handles highly compressed data. These vulnerabilities could lead to denial of service conditions due to resource exhaustion. The update fixes these vulnerabilities by providing patched urllib3 packages. The advisory applies to Red Hat Satellite 6.16 for RHEL 8 and 9 and related Capsule products.
Potential Impact
The vulnerabilities can cause resource exhaustion through unbounded decompression chains or bypass of decompression-bomb protections, potentially leading to denial of service in affected Red Hat Satellite environments. No known exploits in the wild have been reported. The impact is rated as Important by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated packages for Red Hat Satellite 6.16.6.1 that address these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata are installed. Detailed update instructions are available from Red Hat's official documentation. No additional mitigations are specified beyond applying the official patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:2765
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-66471","CVE-2026-21441"]
- Cvss Version
- null
Threat ID: 6a160972e29bf47b5063a960
Added to database: 5/26/2026, 8:58:26 PM
Last enriched: 5/26/2026, 9:55:55 PM
Last updated: 5/27/2026, 5:02:38 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.