Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5914 (GCVE-0-2025-5914)
Vulnerability from cvelistv5 – Published: 2025-06-09 19:53 – Updated: 2026-06-05 00:13
VLAI
EPSS
Title
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
Summary
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
32 references
Impacted products
55 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 3.8.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.7.7-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:3.1.2-14.el7_9.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.3.3-6.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:3.3.2-8.el8_2.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.3.3-1.el8_4.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.3.3-1.el8_4.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.3.3-5.el8_8.1 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.3.3-5.el8_8.1 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.5.3-6.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.5.3-2.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.5.3-5.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.5.3-4.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
414.92.202510211419-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202601271320-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
416.94.202601071926-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
417.94.202510112152-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
418.94.202510230424-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
Unaffected:
4.19.9.6.202510140714-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
Unaffected:
4.20.9.6.202509251656-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-19 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-8 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 |
Unaffected:
1.12-4 , < *
(rpm)
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-11 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-10 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-4 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-9 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-12 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-18 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-7 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 |
Unaffected:
v1.16.5-1760515757 , < *
(rpm)
cpe:/a:redhat:cert_manager:1.16::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
Unaffected:
1.8.0 , < *
(rpm)
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | OpenShift File Integrity Operator - FIO 1 |
Unaffected:
v1.3 , < *
(rpm)
cpe:/a:redhat:openshift_file_integrity_operator:1::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
2.2.1-1758555934 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
1.5.6-1756187445 , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116455 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116482 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116441 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116449 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116439 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116447 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756128595 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756125872 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116445 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422110 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421846 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421804 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422070 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421879 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422401 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421890 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-05-20 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:14:35.773233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:30:42.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/libarchive/libarchive/pull/2598"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libarchive/libarchive/",
"defaultStatus": "unaffected",
"packageName": "libarchive",
"versions": [
{
"lessThan": "3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.7-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.2-14.el7_9.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.2-8.el8_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-1.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-1.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-5.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-5.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-2.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-5.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-4.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202510211419-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202601271320-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202601071926-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202510112152-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "418.94.202510230424-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.19.9.6.202510140714-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.20.9.6.202509251656-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-rhel9-operator",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.12 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-management-console-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-operator-bundle",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-rhel8-operator",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-18",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:cert_manager:1.16::el9"
],
"defaultStatus": "affected",
"packageName": "cert-manager/jetstack-cert-manager-rhel9",
"product": "cert-manager operator for Red Hat OpenShift 1.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.16.5-1760515757",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-must-gather-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-openscap-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-rhel8-operator",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-file-integrity-rhel8-operator",
"product": "OpenShift File Integrity Operator - FIO 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.2.1-1758555934",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.5.6-1756187445",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-agent-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116455",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-all-in-one-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116482",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-collector-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116441",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116449",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-rollover-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116439",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-ingester-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116447",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-operator-bundle",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756128595",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-query-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756125872",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-rhel8-operator",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116445",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422110",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421846",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421804",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422070",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421879",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422401",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421890",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T00:13:24.064Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:14130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14130"
},
{
"name": "RHSA-2025:14135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14135"
},
{
"name": "RHSA-2025:14137",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14137"
},
{
"name": "RHSA-2025:14141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14141"
},
{
"name": "RHSA-2025:14142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14142"
},
{
"name": "RHSA-2025:14525",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14525"
},
{
"name": "RHSA-2025:14528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14528"
},
{
"name": "RHSA-2025:14594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14594"
},
{
"name": "RHSA-2025:14644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"name": "RHSA-2025:14808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14808"
},
{
"name": "RHSA-2025:14810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14810"
},
{
"name": "RHSA-2025:14828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14828"
},
{
"name": "RHSA-2025:15024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15024"
},
{
"name": "RHSA-2025:15397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"name": "RHSA-2025:15709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"name": "RHSA-2025:15827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"name": "RHSA-2025:15828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"name": "RHSA-2025:16524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"name": "RHSA-2025:18217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18217"
},
{
"name": "RHSA-2025:18218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18218"
},
{
"name": "RHSA-2025:18219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"name": "RHSA-2025:19041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19041"
},
{
"name": "RHSA-2025:19046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19046"
},
{
"name": "RHSA-2025:21885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"name": "RHSA-2025:21913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"name": "RHSA-2026:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"name": "RHSA-2026:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"name": "RHSA-2026:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"name": "RHBZ#2370861",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-06T17:58:25.491Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-05-20T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5914",
"datePublished": "2025-06-09T19:53:48.923Z",
"dateReserved": "2025-06-09T08:10:18.779Z",
"dateUpdated": "2026-06-05T00:13:24.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-5914",
"date": "2026-06-14",
"epss": "0.00114",
"percentile": "0.29885"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5914\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-06-09T20:15:26.123\",\"lastModified\":\"2026-02-05T20:15:52.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la librer\u00eda libarchive, espec\u00edficamente en la funci\u00f3n archive_read_format_rar_seek_data(). Esta falla implica un desbordamiento de enteros que puede provocar una condici\u00f3n de doble liberaci\u00f3n. Explotar una vulnerabilidad de doble liberaci\u00f3n puede provocar corrupci\u00f3n de memoria, lo que permite a un atacante ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.8.0\",\"matchCriteriaId\":\"FCC41392-D22A-4BE5-B7E7-DE5D6BA40052\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14130\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14135\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14137\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14141\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14142\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14525\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14528\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14594\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14644\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14808\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14810\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14828\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15024\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15397\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15709\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15827\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15828\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16524\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18217\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18218\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19041\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19046\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21885\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21913\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:0326\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:0934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:1541\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-5914\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2370861\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libarchive/libarchive/pull/2598\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libarchive/libarchive/releases/tag/v3.8.0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/libarchive/libarchive/pull/2598\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-10T15:14:35.773233Z\"}}}], \"references\": [{\"url\": \"https://github.com/libarchive/libarchive/pull/2598\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-10T14:23:42.747Z\"}}], \"cna\": {\"title\": \"Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.0\", \"versionType\": \"semver\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://github.com/libarchive/libarchive/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.7.7-4.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.1.2-14.el7_9.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::crb\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.2-8.el8_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-1.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-1.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-5.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-5.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-6.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-6.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-2.el9_0.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-5.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/a:redhat:rhel_eus:9.4::crb\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-4.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"414.92.202510211419-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"415.92.202601271320-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"416.94.202601071926-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"417.94.202510112152-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"418.94.202510230424-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.19.9.6.202510140714-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.20\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.20.9.6.202509251656-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-19\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-db-migrator-tool-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-management-console-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-12\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-18\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-builder-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-devmode-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager operator for Red Hat OpenShift 1.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.16.5-1760515757\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"cert-manager/jetstack-cert-manager-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-must-gather-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-openscap-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift File Integrity Operator - FIO 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-file-integrity-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.2.1-1758555934\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.5.6-1756187445\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"insights-proxy/insights-proxy-container-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116455\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-agent-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116482\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-all-in-one-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116441\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-collector-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116449\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-index-cleaner-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116439\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-rollover-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116447\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-ingester-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756128595\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756125872\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-query-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116445\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422110\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421846\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421804\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-monitor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422070\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-must-gather-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421879\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422401\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-payload-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421890\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-06T17:58:25.491Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-05-20T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-05-20T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:14130\", \"name\": \"RHSA-2025:14130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14135\", \"name\": \"RHSA-2025:14135\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14137\", \"name\": \"RHSA-2025:14137\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14141\", \"name\": \"RHSA-2025:14141\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14142\", \"name\": \"RHSA-2025:14142\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14525\", \"name\": \"RHSA-2025:14525\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14528\", \"name\": \"RHSA-2025:14528\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14594\", \"name\": \"RHSA-2025:14594\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14644\", \"name\": \"RHSA-2025:14644\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14808\", \"name\": \"RHSA-2025:14808\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14810\", \"name\": \"RHSA-2025:14810\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14828\", \"name\": \"RHSA-2025:14828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15024\", \"name\": \"RHSA-2025:15024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15397\", \"name\": \"RHSA-2025:15397\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15709\", \"name\": \"RHSA-2025:15709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15827\", \"name\": \"RHSA-2025:15827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15828\", \"name\": \"RHSA-2025:15828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:16524\", \"name\": \"RHSA-2025:16524\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18217\", \"name\": \"RHSA-2025:18217\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18218\", \"name\": \"RHSA-2025:18218\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18219\", \"name\": \"RHSA-2025:18219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19041\", \"name\": \"RHSA-2025:19041\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19046\", \"name\": \"RHSA-2025:19046\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21885\", \"name\": \"RHSA-2025:21885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21913\", \"name\": \"RHSA-2025:21913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:0326\", \"name\": \"RHSA-2026:0326\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:0934\", \"name\": \"RHSA-2026:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:1541\", \"name\": \"RHSA-2026:1541\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-5914\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2370861\", \"name\": \"RHBZ#2370861\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/libarchive/libarchive/pull/2598\"}, {\"url\": \"https://github.com/libarchive/libarchive/releases/tag/v3.8.0\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-05T00:13:24.064Z\"}, \"x_redhatCweChain\": \"CWE-190: Integer Overflow or Wraparound\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-05T00:13:24.064Z\", \"dateReserved\": \"2025-06-09T08:10:18.779Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-06-09T19:53:48.923Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:14594
Vulnerability from csaf_redhat - Published: 2025-08-26 09:43 - Updated: 2026-06-05 00:25Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 release
Severity
Important
Notes
Topic: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 has been released
Details: This release of the Red Hat OpenShift distributed tracing platform (Jaeger) provides security improvements.
Breaking changes:
* Nothing
Deprecations:
* Nothing
Technology Preview features:
* Nothing
Enhancements:
* Nothing
Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-5914
Known issues:
* Nothing
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Jaeger) provides security improvements.\n\nBreaking changes:\n* Nothing\n\nDeprecations:\n* Nothing\n\nTechnology Preview features:\n* Nothing\n\nEnhancements:\n* Nothing\n\nBug fixes:\n* https://access.redhat.com/security/cve/CVE-2025-5914\n\nKnown issues:\n* Nothing",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14594",
"url": "https://access.redhat.com/errata/RHSA-2025:14594"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14594.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 release",
"tracking": {
"current_release_date": "2026-06-05T00:25:30+00:00",
"generator": {
"date": "2026-06-05T00:25:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14594",
"initial_release_date": "2025-08-26T09:43:28+00:00",
"revision_history": [
{
"date": "2025-08-26T09:43:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-26T09:43:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:25:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.5.1",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116482"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Aacfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116441"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116449"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Ace79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Abec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116445"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Afd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756125872"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116482"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116445"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3Af250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756128595"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Ab6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116441"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ae17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116449"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Ad0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756125872"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116482"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Aa51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116441"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ad19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116449"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ac1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116445"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756125872"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116482"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116441"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116449"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Ada510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Af778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756116445"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1756125872"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1",
"product_id": "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T09:43:28+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14594"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:64db38a22aab24fb69cc1fbadc9aed331f52eb0fb14ff9d45c4aa054ead38b81_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:34c4588cf354ab2a69695897911e7caca6f7df93fb13fed716b3f99608ff70aa_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:648db93ff38b16ecb8a0fe831d722d1ddac9aadcb8663a45a1a9086ef9129dd2_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a51ae66a32ddfa21fc4c9bcd42540a8e12c5a59b0e8c27369dd1689a924bbebe_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:acfdb88e8d2870d07fb93fb022a000f2a5d9b854cdf4c43a0e650f387ea1a713_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:b6f2f955cb33ccb5c8f82d1537f4e0cb30c2bf31b30d4ef6a44a72abb742b973_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:88ce7e9894e7e4b1406d6e1f20e18cd19cff9df376f5455a24eeffb118f0535f_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:ce79641c2031185586fa3dc5c504db2df69f4ae8ac1e91577232dfccde20633f_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:3198d0074236cb452644b5c580c6f37df3ff2984f6ca94fcda8b35ba271658d4_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:4856bc69d0c18c6049819007d25b966a6ee02dcc819682f7294503ab2d646776_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4_amd64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd_s390x",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447_arm64",
"Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f778be7b2721aae35d0025fc30dae9bd1e1c2e0c69cecd0171b6bdec927388ff_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
}
]
}
RHSA-2025:14644
Vulnerability from csaf_redhat - Published: 2025-08-26 15:51 - Updated: 2026-06-05 00:25Summary
Red Hat Security Advisory: Insights proxy Container Image
Severity
Important
Notes
Topic: Initial GA Release of Red Hat Insights proxy
Details: The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14644",
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32414",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14644.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-06-05T00:25:40+00:00",
"generator": {
"date": "2026-06-05T00:25:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14644",
"initial_release_date": "2025-08-26T15:51:25+00:00",
"revision_history": [
{
"date": "2025-08-26T15:51:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-26T15:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:25:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ab7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:14808
Vulnerability from csaf_redhat - Published: 2025-08-28 04:30 - Updated: 2026-06-05 00:25Summary
Red Hat Security Advisory: libarchive security update
Severity
Important
Notes
Topic: An update for libarchive is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdtar-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdtar-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14808",
"url": "https://access.redhat.com/errata/RHSA-2025:14808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14808.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2026-06-05T00:25:44+00:00",
"generator": {
"date": "2026-06-05T00:25:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14808",
"initial_release_date": "2025-08-28T04:30:31+00:00",
"revision_history": [
{
"date": "2025-08-28T04:30:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T04:30:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:25:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"product_id": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.x86_64",
"product_id": "libarchive-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"product_id": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_id": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_id": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_id": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-6.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.i686",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.i686",
"product_id": "libarchive-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"product": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"product_id": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-6.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"product_id": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-6.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"product_id": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-6.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"product_id": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-6.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"product_id": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-6.el8_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.src",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.src",
"product_id": "libarchive-0:3.3.3-6.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "bsdtar-0:3.3.3-6.el8_6.aarch64",
"product_id": "bsdtar-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.aarch64",
"product_id": "libarchive-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"product_id": "libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_id": "bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_id": "bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_id": "libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-6.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "bsdtar-0:3.3.3-6.el8_6.ppc64le",
"product_id": "bsdtar-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.ppc64le",
"product_id": "libarchive-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"product_id": "libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_id": "libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-6.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "bsdtar-0:3.3.3-6.el8_6.s390x",
"product_id": "bsdtar-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "libarchive-0:3.3.3-6.el8_6.s390x",
"product_id": "libarchive-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"product_id": "libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_id": "bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_id": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_id": "bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_id": "libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-6.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdtar-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.src"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.src"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.s390x"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdtar-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.src"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T04:30:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.AUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.AUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.E4S:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcat-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdcpio-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:bsdtar-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.src",
"BaseOS-8.6.0.Z.TUS:libarchive-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debuginfo-0:3.3.3-6.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.i686",
"BaseOS-8.6.0.Z.TUS:libarchive-debugsource-0:3.3.3-6.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
}
]
}
RHSA-2025:14810
Vulnerability from csaf_redhat - Published: 2025-08-28 05:11 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: libarchive security update
Severity
Important
Notes
Topic: An update for libarchive is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdtar-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14810",
"url": "https://access.redhat.com/errata/RHSA-2025:14810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14810.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2026-06-05T00:26:06+00:00",
"generator": {
"date": "2026-06-05T00:26:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14810",
"initial_release_date": "2025-08-28T05:11:26+00:00",
"revision_history": [
{
"date": "2025-08-28T05:11:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T05:11:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "libarchive-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "libarchive-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_id": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "libarchive-0:3.3.3-1.el8_4.1.i686",
"product_id": "libarchive-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"product_id": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_id": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_id": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_id": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.3.3-1.el8_4.1.src",
"product": {
"name": "libarchive-0:3.3.3-1.el8_4.1.src",
"product_id": "libarchive-0:3.3.3-1.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdtar-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.src"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.src"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686"
},
"product_reference": "libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T05:11:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14810"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcat-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdcpio-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:bsdtar-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debuginfo-0:3.3.3-1.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libarchive-debugsource-0:3.3.3-1.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
}
]
}
RHSA-2025:14828
Vulnerability from csaf_redhat - Published: 2025-08-28 06:39 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: libarchive security update
Severity
Important
Notes
Topic: An update for libarchive is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14828",
"url": "https://access.redhat.com/errata/RHSA-2025:14828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14828.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2026-06-05T00:26:07+00:00",
"generator": {
"date": "2026-06-05T00:26:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14828",
"initial_release_date": "2025-08-28T06:39:16+00:00",
"revision_history": [
{
"date": "2025-08-28T06:39:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T06:39:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.src",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.src",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"product": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"product_id": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"product": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"product_id": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.s390",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.s390x",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390x",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"product": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"product_id": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
"product": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
"product_id": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"product": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"product_id": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"product": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"product_id": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.i686",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.i686",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"product": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"product": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"product_id": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"product": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"product_id": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"product": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.src",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
},
"product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T06:39:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
"7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
"7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
}
]
}
RHSA-2025:15024
Vulnerability from csaf_redhat - Published: 2025-09-02 03:02 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: libarchive security update
Severity
Important
Notes
Topic: An update for libarchive is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15024",
"url": "https://access.redhat.com/errata/RHSA-2025:15024"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15024.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2026-06-05T00:26:10+00:00",
"generator": {
"date": "2026-06-05T00:26:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:15024",
"initial_release_date": "2025-09-02T03:02:59+00:00",
"revision_history": [
{
"date": "2025-09-02T03:02:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-02T03:02:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.src",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.src",
"product_id": "libarchive-0:3.5.3-5.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.aarch64",
"product_id": "libarchive-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_2.aarch64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_2.aarch64",
"product_id": "bsdtar-0:3.5.3-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.ppc64le",
"product_id": "libarchive-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_2.ppc64le",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_2.ppc64le",
"product_id": "bsdtar-0:3.5.3-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.i686",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.i686",
"product_id": "libarchive-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.x86_64",
"product_id": "libarchive-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_2.x86_64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_2.x86_64",
"product_id": "bsdtar-0:3.5.3-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "libarchive-0:3.5.3-5.el9_2.s390x",
"product_id": "libarchive-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_2.s390x",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_2.s390x",
"product_id": "bsdtar-0:3.5.3-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T03:02:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcat-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdcpio-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:bsdtar-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.src",
"BaseOS-9.2.0.Z.E4S:libarchive-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debuginfo-0:3.5.3-5.el9_2.x86_64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.aarch64",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.i686",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.ppc64le",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.s390x",
"BaseOS-9.2.0.Z.E4S:libarchive-debugsource-0:3.5.3-5.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
}
]
}
RHSA-2025:15397
Vulnerability from csaf_redhat - Published: 2025-10-21 14:50 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: OpenShift Container Platform 4.20.0 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.20.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container
Platform 4.20.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.20.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/149403
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in
archive_read_support_format_rar.c (CVE-2025-5914)
* unbound: Unbound Cache poisoning (CVE-2025-5994)
* podman: podman missing TLS verification (CVE-2025-6032)
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
* libxml: Heap use after free (UAF) leads to Denial of service (DoS)
(CVE-2025-49794)
* libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet (ECS) must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS transaction ID with cache non-ECS poisoned replies.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
51 references
Acknowledgments
Red Hat Inc.
Paul Holzinger
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.20.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container\nPlatform 4.20.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.20.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/149403\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in\narchive_read_support_format_rar.c (CVE-2025-5914)\n* unbound: Unbound Cache poisoning (CVE-2025-5994)\n* podman: podman missing TLS verification (CVE-2025-6032)\n* sqlite: Integer Truncation in SQLite (CVE-2025-6965)\n* libxml: Heap use after free (UAF) leads to Denial of service (DoS)\n(CVE-2025-49794)\n* libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15397",
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2380949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380949"
},
{
"category": "external",
"summary": "OCPBUGS-55905",
"url": "https://issues.redhat.com/browse/OCPBUGS-55905"
},
{
"category": "external",
"summary": "OCPBUGS-55906",
"url": "https://issues.redhat.com/browse/OCPBUGS-55906"
},
{
"category": "external",
"summary": "OCPBUGS-56277",
"url": "https://issues.redhat.com/browse/OCPBUGS-56277"
},
{
"category": "external",
"summary": "OCPBUGS-56645",
"url": "https://issues.redhat.com/browse/OCPBUGS-56645"
},
{
"category": "external",
"summary": "OCPBUGS-58117",
"url": "https://issues.redhat.com/browse/OCPBUGS-58117"
},
{
"category": "external",
"summary": "OCPBUGS-59201",
"url": "https://issues.redhat.com/browse/OCPBUGS-59201"
},
{
"category": "external",
"summary": "OCPBUGS-59630",
"url": "https://issues.redhat.com/browse/OCPBUGS-59630"
},
{
"category": "external",
"summary": "OCPBUGS-60099",
"url": "https://issues.redhat.com/browse/OCPBUGS-60099"
},
{
"category": "external",
"summary": "OCPBUGS-60664",
"url": "https://issues.redhat.com/browse/OCPBUGS-60664"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15397.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.20.0 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:26:18+00:00",
"generator": {
"date": "2026-06-05T00:26:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:15397",
"initial_release_date": "2025-10-21T14:50:28+00:00",
"revision_history": [
{
"date": "2025-10-21T14:50:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-21T14:50:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.20",
"product": {
"name": "Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.20.9.6.202509251656-0",
"product": {
"name": "rhcos-aarch64-4.20.9.6.202509251656-0",
"product_id": "rhcos-aarch64-4.20.9.6.202509251656-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202509251656?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.20.9.6.202509251656-0",
"product": {
"name": "rhcos-ppc64le-4.20.9.6.202509251656-0",
"product_id": "rhcos-ppc64le-4.20.9.6.202509251656-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202509251656?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.20.9.6.202509251656-0",
"product": {
"name": "rhcos-s390x-4.20.9.6.202509251656-0",
"product_id": "rhcos-s390x-4.20.9.6.202509251656-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202509251656?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.20.9.6.202509251656-0",
"product": {
"name": "rhcos-x86_64-4.20.9.6.202509251656-0",
"product_id": "rhcos-x86_64-4.20.9.6.202509251656-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202509251656?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.20.9.6.202509251656-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0"
},
"product_reference": "rhcos-aarch64-4.20.9.6.202509251656-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.20.9.6.202509251656-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0"
},
"product_reference": "rhcos-ppc64le-4.20.9.6.202509251656-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.20.9.6.202509251656-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0"
},
"product_reference": "rhcos-s390x-4.20.9.6.202509251656-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.20.9.6.202509251656-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
},
"product_reference": "rhcos-x86_64-4.20.9.6.202509251656-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-5994",
"cwe": {
"id": "CWE-349",
"name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
},
"discovery_date": "2025-07-16T15:01:36.497027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380949"
}
],
"notes": [
{
"category": "description",
"text": "A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet (ECS) must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS transaction ID with cache non-ECS poisoned replies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "unbound: Unbound Cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than Moderate because it directly compromises the integrity of DNS caching mechanisms in resolvers supporting EDNS Client Subnet (ECS). The flaw allows an attacker to exploit the birthday paradox by generating a high volume of concurrent queries with different ECS values, thereby increasing the chance of a transaction ID collision with a spoofed response. If the resolver fails to properly segregate cache entries by ECS scope, it may accept and cache a malicious non-ECS response, effectively leading to DNS cache poisoning. Unlike typical poisoning attempts that require precise timing or privileged network positions, this attack can be carried out remotely with a high success rate, especially in resolvers that do not correctly isolate ECS queries.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5994"
},
{
"category": "external",
"summary": "RHBZ#2380949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5994"
},
{
"category": "external",
"summary": "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt",
"url": "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt"
}
],
"release_date": "2025-07-16T14:38:22.738000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "unbound: Unbound Cache poisoning"
},
{
"acknowledgments": [
{
"names": [
"Paul Holzinger"
],
"organization": "Red Hat Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2025-6032",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-06-12T15:14:34.557000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "podman: podman missing TLS verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, a user needs to download an image from an untrusted OCI registry, specifically, an OCI registry with an invalid TLS certificate. This allows a remote attacker with access to the network path between the registry and the client to perform a Man In the Middle attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "RHBZ#2372501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6032"
},
{
"category": "external",
"summary": "https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3",
"url": "https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3"
},
{
"category": "external",
"summary": "https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h",
"url": "https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "workaround",
"details": "Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n\n# podman machine init --image \u003clocal-image-path\u003e",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "podman: podman missing TLS verification"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-21T14:50:28+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2\n\n (For s390x architecture)\n The image digest is sha256:bb2b07ca992b8c976341c145ccdcefbd57e946a590efaa5e10d60fc5a2cbe503\n\n (For ppc64le architecture)\n The image digest is sha256:678369ac0a189674b3d9f5779ee7042b39e625ee580579ec302d8899f8ddc613\n\n (For aarch64 architecture)\n The image digest is sha256:791079aeb081a9193cec139ba4dccbafbfc9437b6e5e39d70225b0e6d2f51b34\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202509251656-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202509251656-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:15709
Vulnerability from csaf_redhat - Published: 2025-09-11 15:29 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: Red Hat OpenShift sandboxed containers release
Severity
Important
Notes
Topic: Release of Red Hat OpenShift sandboxed containers.
Details: Red Hat OpenShift sandboxed containers, based on the Kata Containers project.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x | — |
Workaround
|
Threats
Impact
Important
References
21 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of Red Hat OpenShift sandboxed containers.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift sandboxed containers, based on the Kata Containers project.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15709",
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15709.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift sandboxed containers release",
"tracking": {
"current_release_date": "2026-06-05T00:26:22+00:00",
"generator": {
"date": "2026-06-05T00:26:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:15709",
"initial_release_date": "2025-09-11T15:29:48+00:00",
"revision_history": [
{
"date": "2025-09-11T15:29:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-11T15:29:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift sandboxed containers 1.1",
"product": {
"name": "Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift sandboxed containers"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256%3A7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422110"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256%3A7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-dm-verity-image@sha256%3A53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757428967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-monitor-rhel9@sha256%3A9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421804"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-must-gather-rhel9@sha256%3Ae45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-operator-bundle@sha256%3A6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757430223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-rhel9-operator@sha256%3A616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-builder-rhel9@sha256%3A8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421879"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-payload-rhel9@sha256%3A8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422401"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256%3A24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422110"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256%3A99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-monitor-rhel9@sha256%3Af5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421804"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-must-gather-rhel9@sha256%3A6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-rhel9-operator@sha256%3A869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-builder-rhel9@sha256%3Acead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421879"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-payload-rhel9@sha256%3A59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422401"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
RHSA-2025:15827
Vulnerability from csaf_redhat - Published: 2025-09-15 15:13 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: updated web-terminal/tooling container image
Severity
Important
Notes
Topic: Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.12 on RHEL 9.
Details: The Red Hat Web Terminal 1.11 on RHEL 9 web-terminal-tooling container image has been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.
Users of web-terminal/tooling container images are advised to upgrade to this updated image, which contain patches to correct security issues. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
61 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.12 on RHEL 9.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Web Terminal 1.11 on RHEL 9 web-terminal-tooling container image has been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.\n\nUsers of web-terminal/tooling container images are advised to upgrade to this updated image, which contain patches to correct security issues. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15827",
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15827.json"
}
],
"title": "Red Hat Security Advisory: updated web-terminal/tooling container image",
"tracking": {
"current_release_date": "2026-06-06T07:56:17+00:00",
"generator": {
"date": "2026-06-06T07:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15827",
"initial_release_date": "2025-09-15T15:13:16+00:00",
"revision_history": [
{
"date": "2025-09-15T15:13:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T15:13:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.12 on RHEL 9",
"product": {
"name": "Red Hat Web Terminal 1.12 on RHEL 9",
"product_id": "9Base-WebTerminal-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product_id": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1.12-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 as a component of Red Hat Web Terminal 1.12 on RHEL 9",
"product_id": "9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
},
"product_reference": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:15828
Vulnerability from csaf_redhat - Published: 2025-09-15 15:14 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: updated web-terminal/tooling container image
Severity
Important
Notes
Topic: Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.
Details: The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.
Users of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to
upgrade to these updated images, which contain backported patches to correct
these security issues, fix these bugs and add these enhancements. Users of these
images are also encouraged to rebuild all container images that depend on these
images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
69 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.\n\nUsers of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to\nupgrade to these updated images, which contain backported patches to correct\nthese security issues, fix these bugs and add these enhancements. Users of these\nimages are also encouraged to rebuild all container images that depend on these\nimages.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15828",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling",
"url": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15828.json"
}
],
"title": "Red Hat Security Advisory: updated web-terminal/tooling container image",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15828",
"initial_release_date": "2025-09-15T15:14:08+00:00",
"revision_history": [
{
"date": "2025-09-15T15:14:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T15:14:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product": {
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_id": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1.11-19"
}
}
},
{
"category": "product_version",
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_id": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1.11-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64"
},
"product_reference": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
},
"product_reference": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…