- Issued:
- 2025-04-08
- Updated:
- 2025-04-08
RHSA-2025:3709 - Important: updated discovery container images
Synopsis
Important: updated discovery container images
Type/Severity
Security Advisory Important
Topic
Updated container images are now available for Discovery 1.13.1.
Description
The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
This release resolves the following CVEs:
- discovery-server-container: HTTP Request Smuggling in benoitc/gunicorn (CVE-2025-26699)
- discovery-server-container: Potential denial-of-service vulnerability in django.utils.text.wrap() (CVE-2024-6827)
Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Discovery | 1 | x86_64 |
Fixes
CVEs
- CVE-2024-6827
- CVE-2024-7592
- CVE-2024-8176
- CVE-2024-43855
- CVE-2024-56171
- CVE-2025-24928
- CVE-2025-26699
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.