RHEL 9: Satellite 6.17.0 (Important) (RHSA-2025:4576)

Medium Nessus Plugin ID 235426

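Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities described in the RHSA-2025:4576 advisory.

Red Hat Satellite is a system management solution. It allows organizations to configure and maintain their systems without providing public Internet access to their servers or other client systems. It also performs provisioning and configuration management of predefined standard operating environments.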

Security fixes:
* python-django: potential denial-of-service vulnerability in IPv6 validation (CVE-2024-56374)
* python-jinja2: sandbox escape through indirect reference to the format method (CVE-2024-56326)
* rubygem-rack: local file inclusion in Rack::Static (CVE-2025-27610)
* rubygem-graphql: remote code execution when loading a crafted GraphQL schema (CVE-2025-27407)

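Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

References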

https://access.redhat.com/security/updates/classification/#important

https://issues.redhat.com/browse/SAT-12130

https://issues.redhat.com/browse/SAT-16243

https://issues.redhat.com/browse/SAT-16248

https://issues.redhat.com/browse/SAT-16392

https://issues.redhat.com/browse/SAT-17448

https://issues.redhat.com/browse/SAT-17783

https://issues.redhat.com/browse/SAT-19325

https://issues.redhat.com/browse/SAT-19336

https://issues.redhat.com/browse/SAT-19505

https://issues.redhat.com/browse/SAT-19515

https://issues.redhat.com/browse/SAT-19781

https://issues.redhat.com/browse/SAT-19933

https://issues.redhat.com/browse/SAT-20010

https://issues.redhat.com/browse/SAT-20579

https://issues.redhat.com/browse/SAT-20586

https://issues.redhat.com/browse/SAT-21359

https://issues.redhat.com/browse/SAT-22510

https://issues.redhat.com/browse/SAT-22966

https://issues.redhat.com/browse/SAT-23114

https://issues.redhat.com/browse/SAT-23229

https://issues.redhat.com/browse/SAT-2340

https://issues.redhat.com/browse/SAT-23647

https://issues.redhat.com/browse/SAT-24108

https://issues.redhat.com/browse/SAT-24282

https://issues.redhat.com/browse/SAT-24725

https://issues.redhat.com/browse/SAT-24795

https://issues.redhat.com/browse/SAT-25448

https://issues.redhat.com/browse/SAT-25464

https://issues.redhat.com/browse/SAT-2549

https://issues.redhat.com/browse/SAT-25949

https://issues.redhat.com/browse/SAT-26058

https://issues.redhat.com/browse/SAT-26076

https://issues.redhat.com/browse/SAT-26522

https://issues.redhat.com/browse/SAT-26537

https://issues.redhat.com/browse/SAT-26605

https://issues.redhat.com/browse/SAT-26741

https://issues.redhat.com/browse/SAT-26866

https://issues.redhat.com/browse/SAT-27070

https://issues.redhat.com/browse/SAT-27153

https://issues.redhat.com/browse/SAT-27221

https://issues.redhat.com/browse/SAT-27308

https://issues.redhat.com/browse/SAT-27349

https://issues.redhat.com/browse/SAT-27369

https://issues.redhat.com/browse/SAT-27374

https://issues.redhat.com/browse/SAT-27388

https://issues.redhat.com/browse/SAT-27418

https://issues.redhat.com/browse/SAT-27420

https://issues.redhat.com/browse/SAT-27427

https://issues.redhat.com/browse/SAT-27554

https://issues.redhat.com/browse/SAT-27620

https://issues.redhat.com/browse/SAT-27627

https://issues.redhat.com/browse/SAT-27675

https://issues.redhat.com/browse/SAT-27703

https://issues.redhat.com/browse/SAT-27717

https://issues.redhat.com/browse/SAT-27756

https://issues.redhat.com/browse/SAT-27847

https://issues.redhat.com/browse/SAT-27863

https://issues.redhat.com/browse/SAT-27874

https://issues.redhat.com/browse/SAT-27875

https://issues.redhat.com/browse/SAT-27924

https://issues.redhat.com/browse/SAT-27939

https://issues.redhat.com/browse/SAT-27979

https://issues.redhat.com/browse/SAT-28029

https://issues.redhat.com/browse/SAT-28060

https://issues.redhat.com/browse/SAT-28185

https://issues.redhat.com/browse/SAT-28216

https://issues.redhat.com/browse/SAT-28293

https://issues.redhat.com/browse/SAT-28311

https://issues.redhat.com/browse/SAT-28312

https://issues.redhat.com/browse/SAT-28337

https://issues.redhat.com/browse/SAT-28338

https://issues.redhat.com/browse/SAT-28356

https://issues.redhat.com/browse/SAT-28443

https://issues.redhat.com/browse/SAT-28464

https://issues.redhat.com/browse/SAT-28471

https://issues.redhat.com/browse/SAT-28472

https://issues.redhat.com/browse/SAT-28486

https://issues.redhat.com/browse/SAT-28493

https://issues.redhat.com/browse/SAT-28526

https://issues.redhat.com/browse/SAT-28538

https://issues.redhat.com/browse/SAT-28552

https://issues.redhat.com/browse/SAT-28553

https://issues.redhat.com/browse/SAT-28556

https://issues.redhat.com/browse/SAT-28575

https://issues.redhat.com/browse/SAT-28613

https://issues.redhat.com/browse/SAT-28662

https://issues.redhat.com/browse/SAT-28735

https://issues.redhat.com/browse/SAT-28743

https://issues.redhat.com/browse/SAT-28756

https://issues.redhat.com/browse/SAT-28818

https://issues.redhat.com/browse/SAT-28823

https://issues.redhat.com/browse/SAT-28826

https://issues.redhat.com/browse/SAT-28856

https://issues.redhat.com/browse/SAT-28894

https://issues.redhat.com/browse/SAT-28981

https://issues.redhat.com/browse/SAT-28994

https://issues.redhat.com/browse/SAT-29017

https://issues.redhat.com/browse/SAT-29058

https://issues.redhat.com/browse/SAT-29062

https://issues.redhat.com/browse/SAT-29068

https://issues.redhat.com/browse/SAT-29070

https://issues.redhat.com/browse/SAT-29090

https://issues.redhat.com/browse/SAT-29203

https://issues.redhat.com/browse/SAT-29209

https://issues.redhat.com/browse/SAT-29212

https://issues.redhat.com/browse/SAT-29214

https://issues.redhat.com/browse/SAT-29314

https://issues.redhat.com/browse/SAT-29322

https://issues.redhat.com/browse/SAT-29332

https://issues.redhat.com/browse/SAT-29345

https://issues.redhat.com/browse/SAT-29347

https://issues.redhat.com/browse/SAT-29454

https://issues.redhat.com/browse/SAT-29469

https://issues.redhat.com/browse/SAT-29567

https://issues.redhat.com/browse/SAT-29596

https://issues.redhat.com/browse/SAT-29622

https://issues.redhat.com/browse/SAT-29623

https://issues.redhat.com/browse/SAT-29667

https://issues.redhat.com/browse/SAT-29670

https://issues.redhat.com/browse/SAT-29675

https://issues.redhat.com/browse/SAT-29679

https://issues.redhat.com/browse/SAT-29794

https://issues.redhat.com/browse/SAT-29863

https://issues.redhat.com/browse/SAT-29939

https://issues.redhat.com/browse/SAT-29945

https://issues.redhat.com/browse/SAT-29950

https://issues.redhat.com/browse/SAT-29957

https://issues.redhat.com/browse/SAT-30004

https://issues.redhat.com/browse/SAT-30014

https://issues.redhat.com/browse/SAT-30043

https://issues.redhat.com/browse/SAT-30070

https://issues.redhat.com/browse/SAT-30098

https://issues.redhat.com/browse/SAT-30102

https://issues.redhat.com/browse/SAT-30106

https://issues.redhat.com/browse/SAT-30108

https://issues.redhat.com/browse/SAT-30112

https://issues.redhat.com/browse/SAT-30118

https://issues.redhat.com/browse/SAT-30138

https://issues.redhat.com/browse/SAT-30141

https://issues.redhat.com/browse/SAT-30152

https://issues.redhat.com/browse/SAT-30154

https://issues.redhat.com/browse/SAT-30167

https://issues.redhat.com/browse/SAT-30172

https://issues.redhat.com/browse/SAT-30176

https://issues.redhat.com/browse/SAT-30186

https://issues.redhat.com/browse/SAT-30188

https://issues.redhat.com/browse/SAT-30209

https://issues.redhat.com/browse/SAT-30220

https://issues.redhat.com/browse/SAT-30227

https://issues.redhat.com/browse/SAT-30228

https://issues.redhat.com/browse/SAT-30314

https://issues.redhat.com/browse/SAT-30342

https://issues.redhat.com/browse/SAT-30374

https://issues.redhat.com/browse/SAT-30378

https://issues.redhat.com/browse/SAT-30403

https://issues.redhat.com/browse/SAT-30443

https://issues.redhat.com/browse/SAT-30464

https://issues.redhat.com/browse/SAT-30491

https://issues.redhat.com/browse/SAT-30541

https://issues.redhat.com/browse/SAT-30543

https://issues.redhat.com/browse/SAT-30544

https://issues.redhat.com/browse/SAT-30577

https://issues.redhat.com/browse/SAT-30611

https://issues.redhat.com/browse/SAT-30614

https://issues.redhat.com/browse/SAT-30625

https://issues.redhat.com/browse/SAT-30636

https://issues.redhat.com/browse/SAT-30637

https://issues.redhat.com/browse/SAT-30669

https://issues.redhat.com/browse/SAT-30686

https://issues.redhat.com/browse/SAT-30715

https://issues.redhat.com/browse/SAT-30717

https://issues.redhat.com/browse/SAT-30726

https://issues.redhat.com/browse/SAT-30761

https://issues.redhat.com/browse/SAT-30767

https://issues.redhat.com/browse/SAT-30785

https://issues.redhat.com/browse/SAT-30790

https://issues.redhat.com/browse/SAT-30815

https://issues.redhat.com/browse/SAT-30841

https://issues.redhat.com/browse/SAT-30846

https://issues.redhat.com/browse/SAT-30869

https://issues.redhat.com/browse/SAT-30916

https://issues.redhat.com/browse/SAT-30961

https://issues.redhat.com/browse/SAT-30962

https://issues.redhat.com/browse/SAT-30967

https://issues.redhat.com/browse/SAT-30970

https://issues.redhat.com/browse/SAT-31040

https://issues.redhat.com/browse/SAT-31105

https://issues.redhat.com/browse/SAT-31111

https://issues.redhat.com/browse/SAT-31157

https://issues.redhat.com/browse/SAT-31160

https://issues.redhat.com/browse/SAT-31193

https://issues.redhat.com/browse/SAT-31196

https://issues.redhat.com/browse/SAT-31203

https://issues.redhat.com/browse/SAT-31220

https://issues.redhat.com/browse/SAT-31241

https://issues.redhat.com/browse/SAT-31308

https://issues.redhat.com/browse/SAT-31315

https://issues.redhat.com/browse/SAT-31316

https://issues.redhat.com/browse/SAT-31338

https://issues.redhat.com/browse/SAT-31351

https://issues.redhat.com/browse/SAT-31398

https://issues.redhat.com/browse/SAT-31451

https://issues.redhat.com/browse/SAT-31475

https://issues.redhat.com/browse/SAT-31479

https://issues.redhat.com/browse/SAT-31502

https://issues.redhat.com/browse/SAT-31526

https://issues.redhat.com/browse/SAT-31588

https://issues.redhat.com/browse/SAT-31602

https://issues.redhat.com/browse/SAT-31645

https://issues.redhat.com/browse/SAT-31813

https://issues.redhat.com/browse/SAT-31814

https://issues.redhat.com/browse/SAT-32426

https://issues.redhat.com/browse/SAT-32447

https://issues.redhat.com/browse/SAT-32467

https://issues.redhat.com/browse/SAT-32604

https://issues.redhat.com/browse/SAT-32605

https://issues.redhat.com/browse/SAT-5118

https://issues.redhat.com/browse/SAT-6776

http://www.nessus.org/u?393acc71

https://access.redhat.com/errata/RHSA-2025:4576

Plugin Details

Severity: Medium

ID: 235426

File Name: redhat-RHSA-2025-4576.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2025/5/7

Updated: 2025/6/5

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2025-27610

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-27407

CVSS v4

Risk Factor: Medium

Base Score: 5.4

Threat Score: 2

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-56326

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:python3.11-django, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:python3.11-jinja2, p-cpe:/a:redhat:enterprise_linux:rubygem-graphql, p-cpe:/a:redhat:enterprise_linux:python-jinja2, p-cpe:/a:redhat:enterprise_linux:rubygem-rack

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2025/5/6

Vulnerability Publication Date: 2024/12/23

Reference Information

CVE: CVE-2024-56326, CVE-2024-56374, CVE-2025-27407, CVE-2025-27610

CWE: 23, 693, 770, 94

RHSA: 2025:4576