Red Hat Satellite 6.17.0 addresses four security vulnerabilities: CVE-2024-56374, a potential denial-of-service in python-django's IPv6 validation; CVE-2024-56326, a sandbox breakout in python-jinja2 via indirect reference to the format method; CVE-2025-27610, a local file inclusion vulnerability in rubygem-rack's Rack::Static component; and CVE-2025-27407, a remote code execution vulnerability in rubygem-graphql triggered by loading a crafted GraphQL schema. These vulnerabilities impact the provisioning and configuration management capabilities of Red Hat Satellite 6.17 for RHEL 9. Red Hat has released Satellite 6.17.0 as a security update to remediate these issues. The vendor advisory classifies the overall security impact as Moderate and recommends applying this update after prior errata are installed. No CVSS scores are provided in the advisory, and no known exploits in the wild have been reported.

The vulnerabilities collectively could allow denial-of-service, sandbox escape, local file inclusion, and remote code execution within the context of Red Hat Satellite 6.17. This could impact the integrity and availability of system management operations performed by Satellite. However, Red Hat classifies the overall security impact of the update as Moderate. No known active exploitation has been reported.

Red Hat has released Red Hat Satellite 6.17.0 to address these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their systems have been applied. Detailed update instructions are available in the Red Hat Satellite documentation. No additional mitigation steps are indicated by the vendor advisory.