Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-7425 (GCVE-0-2025-7425)
Vulnerability from cvelistv5 – Published: 2025-07-10 13:53 – Updated: 2026-06-06 07:56
VLAI
EPSS
Title
Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
Summary
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
43 references
Impacted products
66 products
| Vendor | Product | Version | |
|---|---|---|---|
| GNOME | libxml2 |
Affected:
0 , < 2.15.2
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:2.12.5-8.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:1.1.39-8.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:2.9.1-6.el7_9.12 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:2.9.7-21.el8_10.2 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:2.9.7-9.el8_2.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:2.9.7-9.el8_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:2.9.7-9.el8_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:2.9.7-13.el8_6.11 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:2.9.7-13.el8_6.11 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:2.9.7-13.el8_6.11 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:2.9.7-16.el8_8.10 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:2.9.7-16.el8_8.10 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.9.13-11.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:2.9.13-1.el9_0.6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:2.9.13-3.el9_2.8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:2.9.13-11.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat OpenShift Container Platform 4.12 |
Unaffected:
412.86.202509030110-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.12::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected:
413.92.202509030117-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
414.92.202508270040-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202508192014-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
416.94.202508261955-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
417.94.202508141510-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
418.94.202508261658-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
Unaffected:
4.19.9.6.202508271124-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-19 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-8 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 |
Unaffected:
1.12-4 , < *
(rpm)
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-11 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-10 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-4 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-9 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-12 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-18 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-7 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 |
Unaffected:
v1.16.5-1760515757 , < *
(rpm)
cpe:/a:redhat:cert_manager:1.16::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
Unaffected:
1.8.0 , < *
(rpm)
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | OpenShift File Integrity Operator - FIO 1 |
Unaffected:
v1.3 , < *
(rpm)
cpe:/a:redhat:openshift_file_integrity_operator:1::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
2.0.1-1754478727 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
2.15.3-0.1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
1.5.5-1754504343 , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559657 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559845 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559691 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559660 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559663 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754569861 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559846 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1754559651 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Date Public
2025-07-10 00:00
Credits
Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7425",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T15:21:27.766014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:21:30.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:55.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/37"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/35"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:02:33.327Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
"defaultStatus": "unaffected",
"packageName": "libxml2",
"product": "libxml2",
"vendor": "GNOME",
"versions": [
{
"lessThan": "2.15.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.12.5-8.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "libxslt",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.39-8.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.1-6.el7_9.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-21.el8_10.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-21.el8_10.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-9.el8_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-9.el8_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-9.el8_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-13.el8_6.11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-13.el8_6.11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-13.el8_6.11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-16.el8_8.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.7-16.el8_8.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.13-11.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.13-11.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.13-1.el9_0.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.13-3.el9_2.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libxml2",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.13-11.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "412.86.202509030110-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "413.92.202509030117-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202508270040-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202508192014-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202508261955-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202508141510-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "418.94.202508261658-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.19.9.6.202508271124-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-rhel9-operator",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.12 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-management-console-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-operator-bundle",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-rhel8-operator",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-18",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:cert_manager:1.16::el9"
],
"defaultStatus": "affected",
"packageName": "cert-manager/jetstack-cert-manager-rhel9",
"product": "cert-manager operator for Red Hat OpenShift 1.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.16.5-1760515757",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-must-gather-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-openscap-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-rhel8-operator",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-file-integrity-rhel8-operator",
"product": "OpenShift File Integrity Operator - FIO 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.0.1-1754478727",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "libxml2-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.15.3-0.1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.5.5-1754504343",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-agent-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559657",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-all-in-one-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559845",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-collector-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559691",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559660",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-rollover-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559663",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-ingester-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559657",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-operator-bundle",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754569861",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-query-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559846",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-rhel8-operator",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1754559651",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libxslt",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue."
}
],
"datePublic": "2025-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:56:14.688Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2025:12345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2025:12345"
},
{
"name": "RHSA-2025:12447",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12447"
},
{
"name": "RHSA-2025:12450",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12450"
},
{
"name": "RHSA-2025:13267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"name": "RHSA-2025:13308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13308"
},
{
"name": "RHSA-2025:13309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13309"
},
{
"name": "RHSA-2025:13310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13310"
},
{
"name": "RHSA-2025:13311",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13311"
},
{
"name": "RHSA-2025:13312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13312"
},
{
"name": "RHSA-2025:13313",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13313"
},
{
"name": "RHSA-2025:13314",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13314"
},
{
"name": "RHSA-2025:13335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13335"
},
{
"name": "RHSA-2025:13464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13464"
},
{
"name": "RHSA-2025:13622",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"name": "RHSA-2025:14059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"name": "RHSA-2025:14396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14396"
},
{
"name": "RHSA-2025:14818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"name": "RHSA-2025:14819",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"name": "RHSA-2025:14853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"name": "RHSA-2025:14858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"name": "RHSA-2025:15308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"name": "RHSA-2025:15672",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"name": "RHSA-2025:15827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"name": "RHSA-2025:15828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"name": "RHSA-2025:18219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"name": "RHSA-2025:21885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"name": "RHSA-2025:21913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"name": "RHSA-2026:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"name": "RHSA-2026:11503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11503"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"name": "RHBZ#2379274",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-10T09:37:28.172Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-07-10T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-7425",
"datePublished": "2025-07-10T13:53:37.295Z",
"dateReserved": "2025-07-10T08:44:06.287Z",
"dateUpdated": "2026-06-06T07:56:14.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-7425",
"date": "2026-06-12",
"epss": "0.00192",
"percentile": "0.41219"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-7425\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-07-10T14:15:27.877\",\"lastModified\":\"2026-05-12T13:17:28.697\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en libxslt donde los atributos type, atype y flags se modifican de forma que corrompe la gesti\u00f3n de memoria interna. Cuando las funciones XSLT, como el proceso key(), generan fragmentos de \u00e1rbol, esta corrupci\u00f3n impide la limpieza correcta de los atributos ID. Como resultado, el sistema puede acceder a la memoria liberada, provocando fallos o permitiendo a los atacantes provocar la corrupci\u00f3n del mont\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2025:12345\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:12447\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:12450\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13267\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13308\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13309\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13310\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13311\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13312\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13313\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13314\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13335\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13464\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:13622\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14059\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14396\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14818\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14819\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14853\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14858\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15308\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15672\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15827\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15828\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18219\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21885\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21913\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:0934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11503\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-7425\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2379274\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Aug/0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/11/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-577017.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Aug/0\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/37\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/35\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/32\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/30\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/11/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:14:55.508Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000RE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1501\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1511\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1512\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1524\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1536\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CN 4100\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-577017.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T12:02:33.327Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7425\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-10T15:21:27.766014Z\"}}}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-10T15:21:22.561Z\"}}], \"cna\": {\"title\": \"Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"GNOME\", \"product\": \"libxml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.15.2\", \"versionType\": \"semver\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://gitlab.gnome.org/GNOME/libxml2/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.12.5-8.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.1.39-8.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxslt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.1-6.el7_9.12\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-21.el8_10.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-21.el8_10.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\", \"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-9.el8_2.4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-9.el8_4.7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-9.el8_4.7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-13.el8_6.11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-13.el8_6.11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-13.el8_6.11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-16.el8_8.10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.7-16.el8_8.10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.13-11.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.13-11.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.13-1.el9_0.6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.13-3.el9_2.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.9.13-11.el9_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"412.86.202509030110-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"413.92.202509030117-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"414.92.202508270040-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"415.92.202508192014-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"416.94.202508261955-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"417.94.202508141510-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"418.94.202508261658-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.19.9.6.202508271124-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-19\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-db-migrator-tool-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-management-console-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-12\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-18\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-builder-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-devmode-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager operator for Red Hat OpenShift 1.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.16.5-1760515757\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"cert-manager/jetstack-cert-manager-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-must-gather-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-openscap-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift File Integrity Operator - FIO 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-file-integrity-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.0.1-1754478727\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.15.3-0.1.hum1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libxml2-main\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.5.5-1754504343\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"insights-proxy/insights-proxy-container-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559657\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-agent-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559845\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-all-in-one-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559691\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-collector-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559660\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-index-cleaner-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559663\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-rollover-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559657\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-ingester-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754569861\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559846\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-query-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1754559651\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"libxslt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-07-10T09:37:28.172Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-07-10T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-07-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHBA-2025:12345\", \"name\": \"RHBA-2025:12345\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:12447\", \"name\": \"RHSA-2025:12447\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:12450\", \"name\": \"RHSA-2025:12450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13267\", \"name\": \"RHSA-2025:13267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13308\", \"name\": \"RHSA-2025:13308\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13309\", \"name\": \"RHSA-2025:13309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13310\", \"name\": \"RHSA-2025:13310\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13311\", \"name\": \"RHSA-2025:13311\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13312\", \"name\": \"RHSA-2025:13312\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13313\", \"name\": \"RHSA-2025:13313\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13314\", \"name\": \"RHSA-2025:13314\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13335\", \"name\": \"RHSA-2025:13335\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13464\", \"name\": \"RHSA-2025:13464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:13622\", \"name\": \"RHSA-2025:13622\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14059\", \"name\": \"RHSA-2025:14059\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14396\", \"name\": \"RHSA-2025:14396\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14818\", \"name\": \"RHSA-2025:14818\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14819\", \"name\": \"RHSA-2025:14819\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14853\", \"name\": \"RHSA-2025:14853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14858\", \"name\": \"RHSA-2025:14858\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15308\", \"name\": \"RHSA-2025:15308\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15672\", \"name\": \"RHSA-2025:15672\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15827\", \"name\": \"RHSA-2025:15827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15828\", \"name\": \"RHSA-2025:15828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18219\", \"name\": \"RHSA-2025:18219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21885\", \"name\": \"RHSA-2025:21885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21913\", \"name\": \"RHSA-2025:21913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:0934\", \"name\": \"RHSA-2026:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11503\", \"name\": \"RHSA-2026:11503\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-7425\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2379274\", \"name\": \"RHBZ#2379274\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-06T07:56:14.688Z\"}, \"x_redhatCweChain\": \"CWE-416: Use After Free\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-7425\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-06T07:56:14.688Z\", \"dateReserved\": \"2025-07-10T08:44:06.287Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-07-10T13:53:37.295Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:14858
Vulnerability from csaf_redhat - Published: 2025-09-04 17:05 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.16.47 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.16.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.16.47. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2025:14854
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
36 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.16.47 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.16.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.16.47. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2025:14854\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14858",
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14858.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-06T07:56:17+00:00",
"generator": {
"date": "2026-06-06T07:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:14858",
"initial_release_date": "2025-09-04T17:05:36+00:00",
"revision_history": [
{
"date": "2025-09-04T17:05:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:05:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.16",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-416.94.202508261955-0",
"product": {
"name": "rhcos-aarch64-416.94.202508261955-0",
"product_id": "rhcos-aarch64-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-416.94.202508261955-0",
"product": {
"name": "rhcos-ppc64le-416.94.202508261955-0",
"product_id": "rhcos-ppc64le-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-416.94.202508261955-0",
"product": {
"name": "rhcos-s390x-416.94.202508261955-0",
"product_id": "rhcos-s390x-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-416.94.202508261955-0",
"product": {
"name": "rhcos-x86_64-416.94.202508261955-0",
"product_id": "rhcos-x86_64-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0"
},
"product_reference": "rhcos-aarch64-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0"
},
"product_reference": "rhcos-ppc64le-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0"
},
"product_reference": "rhcos-s390x-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
},
"product_reference": "rhcos-x86_64-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
RHSA-2025:15308
Vulnerability from csaf_redhat - Published: 2025-09-11 12:02 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:15307
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
36 references
Acknowledgments
Ahmed Lekssays
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:15307\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15308",
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15308.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-06T07:56:17+00:00",
"generator": {
"date": "2026-06-06T07:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15308",
"initial_release_date": "2025-09-11T12:02:09+00:00",
"revision_history": [
{
"date": "2025-09-11T12:02:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-11T12:02:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-412.86.202509030110-0",
"product": {
"name": "rhcos-x86_64-412.86.202509030110-0",
"product_id": "rhcos-x86_64-412.86.202509030110-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@412.86.202509030110?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-412.86.202509030110-0 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
},
"product_reference": "rhcos-x86_64-412.86.202509030110-0",
"relates_to_product_reference": "8Base-RHOSE-4.12"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
}
]
}
RHSA-2025:15672
Vulnerability from csaf_redhat - Published: 2025-09-18 05:46 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.13.60 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.13.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.13.60. There are no RPM packages for this release:
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* sudo: LPE via host option (CVE-2025-32462)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer
Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute
(jv_string_vfmt) (CVE-2025-48060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
55 references
Acknowledgments
Ahmed Lekssays
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.13.60 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.60. There are no RPM packages for this release:\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* sudo: LPE via host option (CVE-2025-32462)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer\nOverflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute\n(jv_string_vfmt) (CVE-2025-48060)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15672",
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15672.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-06T07:56:17+00:00",
"generator": {
"date": "2026-06-06T07:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15672",
"initial_release_date": "2025-09-18T05:46:13+00:00",
"revision_history": [
{
"date": "2025-09-18T05:46:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-18T05:46:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-413.92.202509030117-0",
"product": {
"name": "rhcos-x86_64-413.92.202509030117-0",
"product_id": "rhcos-x86_64-413.92.202509030117-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@413.92.202509030117?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-413.92.202509030117-0 as a component of Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
},
"product_reference": "rhcos-x86_64-413.92.202509030117-0",
"relates_to_product_reference": "9Base-RHOSE-4.13"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-32462",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-06-24T21:21:40.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374692"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sudo: LPE via host option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as a Local Privilege Escalation (LPE), meaning an attacker needs an authenticated account before they could exploit it. Due to this restriction, the severity is rated Important. Additionally, for a system to be vulnerable, it must already be in a non-default configuration.\n\nThe system\u2019s sudoers file must contain rules that define that user\u2019s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a \u201cGolden Image,\u201d and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems.\n\nIn situations where host A\u2019s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:\n```\nAlice\thostA = ALL\nBob\thostB = ALL\n```\nIf Bob logs into hostA and runs `sudo some command`, Sudo will check that Bob has permission to run `some command` on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command.\n\nHowever, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs `sudo -h hostB some command`. In this case, Sudo will verify that Bob has permission to run `some command` on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32462"
},
{
"category": "external",
"summary": "RHBZ#2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462"
},
{
"category": "external",
"summary": "https://www.stratascale.com/resource/cve-2025-32462-sudo-host-option-vulnerability/",
"url": "https://www.stratascale.com/resource/cve-2025-32462-sudo-host-option-vulnerability/"
},
{
"category": "external",
"summary": "https://www.sudo.ws/security/advisories/host_any/",
"url": "https://www.sudo.ws/security/advisories/host_any/"
}
],
"release_date": "2025-06-30T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system.\n\nFor environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don\u2019t apply to a system are not included in the LDAP query results.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sudo: LPE via host option"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-05-21T18:00:55.721838+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48060"
},
{
"category": "external",
"summary": "RHBZ#2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060"
},
{
"category": "external",
"summary": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w",
"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"
}
],
"release_date": "2025-05-21T17:32:43.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted input with the jq command line JSON processor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
RHSA-2025:15827
Vulnerability from csaf_redhat - Published: 2025-09-15 15:13 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: updated web-terminal/tooling container image
Severity
Important
Notes
Topic: Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.12 on RHEL 9.
Details: The Red Hat Web Terminal 1.11 on RHEL 9 web-terminal-tooling container image has been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.
Users of web-terminal/tooling container images are advised to upgrade to this updated image, which contain patches to correct security issues. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
61 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.12 on RHEL 9.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Web Terminal 1.11 on RHEL 9 web-terminal-tooling container image has been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.\n\nUsers of web-terminal/tooling container images are advised to upgrade to this updated image, which contain patches to correct security issues. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15827",
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15827.json"
}
],
"title": "Red Hat Security Advisory: updated web-terminal/tooling container image",
"tracking": {
"current_release_date": "2026-06-06T07:56:17+00:00",
"generator": {
"date": "2026-06-06T07:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15827",
"initial_release_date": "2025-09-15T15:13:16+00:00",
"revision_history": [
{
"date": "2025-09-15T15:13:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T15:13:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.12 on RHEL 9",
"product": {
"name": "Red Hat Web Terminal 1.12 on RHEL 9",
"product_id": "9Base-WebTerminal-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product_id": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1.12-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64 as a component of Red Hat Web Terminal 1.12 on RHEL 9",
"product_id": "9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
},
"product_reference": "web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:13:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.12:web-terminal/web-terminal-tooling-rhel9@sha256:f43507114dbba2dcb8083c107c0db8a2ffa4834d1250155496f3c23fbaf68413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:15828
Vulnerability from csaf_redhat - Published: 2025-09-15 15:14 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: updated web-terminal/tooling container image
Severity
Important
Notes
Topic: Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.
Details: The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.
Users of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to
upgrade to these updated images, which contain backported patches to correct
these security issues, fix these bugs and add these enhancements. Users of these
images are also encouraged to rebuild all container images that depend on these
images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
69 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.\n\nUsers of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to\nupgrade to these updated images, which contain backported patches to correct\nthese security issues, fix these bugs and add these enhancements. Users of these\nimages are also encouraged to rebuild all container images that depend on these\nimages.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15828",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling",
"url": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15828.json"
}
],
"title": "Red Hat Security Advisory: updated web-terminal/tooling container image",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15828",
"initial_release_date": "2025-09-15T15:14:08+00:00",
"revision_history": [
{
"date": "2025-09-15T15:14:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T15:14:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product": {
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_id": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1.11-19"
}
}
},
{
"category": "product_version",
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_id": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1.11-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64"
},
"product_reference": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
},
"product_reference": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:18219
Vulnerability from csaf_redhat - Published: 2025-10-16 08:41 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0
Severity
Important
Notes
Topic: cert-manager Operator for Red Hat OpenShift 1.16.0
Details: The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities
and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide
certificates-as-a-service to developers working within your Kubernetes cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters.
7.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to "data" or "tar".
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to "data" or "tar".
7.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
References
69 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.16.0",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities\nand certificates as first-class resource types in the Kubernetes API. This makes it possible to provide\ncertificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18219",
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12718",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4138",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4517",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49794",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49796",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18219.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:18219",
"initial_release_date": "2025-10-16T08:41:21+00:00",
"revision_history": [
{
"date": "2025-10-16T08:41:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-16T08:41:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.16",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.16::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Adf852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:21885
Vulnerability from csaf_redhat - Published: 2025-11-20 19:56 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update
Severity
Important
Notes
Topic: An updated OpenShift Compliance Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details: The OpenShift Compliance Operator v1.8.0 is now available.
See the documentation for bug fix information:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Important
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
Acknowledgments
Google
Pedro Gallegos
Simon Scannell
Jasiel Spelman
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Antony Di Scala
Michael Whale
James Force
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift Compliance Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenShift Compliance Operator v1.8.0 is now available.\nSee the documentation for bug fix information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21885",
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12085",
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7195",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21885.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:21885",
"initial_release_date": "2025-11-20T19:56:52+00:00",
"revision_history": [
{
"date": "2025-11-20T19:56:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-20T19:57:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Compliance Operator 1",
"product": {
"name": "OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_compliance_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Compliance Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3Ad051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-operator-bundle@sha256%3A0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3Ac953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3Ab282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pedro Gallegos",
"Simon Scannell",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12085",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2024-12-05T12:06:36.594000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330539"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Info Leak via Uninitialized Stack Contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as having Important impact as it helps bypass Address Space Layout Randomization (ASLR). ASLR is a memory protection system which makes the exploitation of memory corruption vulnerabilities more difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "RHBZ#2330539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Info Leak via Uninitialized Stack Contents"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale",
"James Force"
]
}
],
"cve": "CVE-2025-7195",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2025-07-04T08:54:01.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376300"
}
],
"notes": [
{
"category": "description",
"text": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability as moderate severity for affected products which run on OpenShift. The vulnerability allows for potential privilege escalation within a container, but OpenShift\u0027s default, multi-layered security posture effectively mitigates this risk. \n\nThe primary controls include the default Security Context Constraints (SCC), which severely limit a container\u0027s permissions from the start, and SELinux, which enforces mandatory access control to ensure strict isolation. While other container runtime environments may have different controls available and require case-by-case analysis, OpenShift\u0027s built-in defenses are designed to prevent this type of attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "RHBZ#2376300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195"
}
],
"release_date": "2025-08-07T18:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "In Red Hat OpenShift Container Platform, the following default configurations reduce the impact of this vulnerability.\n\nSecurity Context Constraints (SCCs): The default SCC, Restricted-v2, applies several crucial security settings to containers. \n\nCapabilities: drop: ALL removes all Linux capabilities, including SETUID and SETGID. This prevents a process from changing its user or group ID, a common step in privilege escalation attacks. The SETUID and SETGID capabilities can also be dropped explicitly if other capabilities are still required.\n\nallowPrivilegeEscalation: false ensures that a process cannot gain more privileges than its parent process. This blocks attempts by a compromised container process to grant itself additional capabilities.\n\nSELinux Mandatory Access Control (MAC): Pods are required to run with a pre-allocated Multi-Category Security (MCS) label. This SELinux feature provides a strong layer of isolation between containers and from the host system. A properly configured SELinux policy can prevent a container escape, even if an attacker gains elevated permissions within the container itself.\n\nFilesystem Hardening: While not a default setting, a common security practice is to set readOnlyRootFilesystem: true in a container\u0027s security context. In this specific scenario, this configuration would prevent an attacker from modifying critical files like /etc/passwd, even if they managed to gain file-level write permissions.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
RHSA-2025:21913
Vulnerability from csaf_redhat - Published: 2025-11-21 21:19 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update
Severity
Important
Notes
Topic: An updated OpenShift File Integrity Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details: The OpenShift File Integrity Operator v1.3.7 is now available.
See the documentation for bug fix information:
https://docs.openshift.com/container-platform/latest/security/file_integrity_operator/file-integrity-operator-release-notes.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files. Additionally, the output of extended attribute key names and symbolic links targets is also not properly neutralized.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 | — |
Workaround
|
Threats
Impact
Important
References
40 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift File Integrity Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenShift File Integrity Operator v1.3.7 is now available.\nSee the documentation for bug fix information:\n\nhttps://docs.openshift.com/container-platform/latest/security/file_integrity_operator/file-integrity-operator-release-notes.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21913",
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49794",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49796",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54389",
"url": "https://access.redhat.com/security/cve/CVE-2025-54389"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21913.json"
}
],
"title": "Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:21913",
"initial_release_date": "2025-11-21T21:19:46+00:00",
"revision_history": [
{
"date": "2025-11-21T21:19:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-21T21:19:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift File Integrity Operator - FIO 1",
"product": {
"name": "OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift File Integrity Operator - FIO"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-operator-bundle@sha256%3A7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64 as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64 as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-54389",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-08-12T18:45:34.800000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE\u0027s detection of malicious files. Additionally, the output of extended attribute key names and symbolic links targets is also not properly neutralized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aide: improper output neutralization enables bypassing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54389"
},
{
"category": "external",
"summary": "RHBZ#2388019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54389"
}
],
"release_date": "2025-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-21T21:19:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:7520e7694e24b0de7e904f1833f9de1bd147eba17cda43aaece3a4df259e6a73_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4_s390x",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aide: improper output neutralization enables bypassing"
}
]
}
RHSA-2026:0934
Vulnerability from csaf_redhat - Published: 2026-01-22 04:35 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Severity
Important
Notes
Topic: Release of OpenShift Serverless Logic 1.36.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release includes CVE bug fixes:
* CVE-2024-12718 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-30749 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-40778 python3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64 RHSA-2025:19835
* CVE-2025-4138 platform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-4517 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-49794 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-49796 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-50059 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-50106 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-58060 cups-libs-2.2.6-62.el8_10.x86_64 RHSA-2025:15702
* CVE-2025-5914 libarchive-3.3.3-5.el8.x86_64 RHSA-2025:14135
* CVE-2025-59375 expat-2.2.5-17.el8_10.x86_64 RHSA-2025:21776
* CVE-2025-6020 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:10027
* CVE-2025-6965 sqlite-libs-3.26.0-19.el8_9.x86_64 RHSA-2025:12010
* CVE-2025-7425 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:12450
* CVE-2025-8941 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:14557
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters.
7.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to "data" or "tar".
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to "data" or "tar".
7.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
8.1 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
8.1 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.
8.0 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
102 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
Hristo Venev
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Logic 1.36.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release includes CVE bug fixes:\n* CVE-2024-12718\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-30749\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-40778\tpython3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64\tRHSA-2025:19835\n* CVE-2025-4138\tplatform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-4517\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-49794\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-49796\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-50059\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-50106\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-58060\tcups-libs-2.2.6-62.el8_10.x86_64\tRHSA-2025:15702\n* CVE-2025-5914\tlibarchive-3.3.3-5.el8.x86_64\tRHSA-2025:14135\n* CVE-2025-59375\texpat-2.2.5-17.el8_10.x86_64\tRHSA-2025:21776\n* CVE-2025-6020\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:10027\n* CVE-2025-6965\tsqlite-libs-3.26.0-19.el8_9.x86_64\tRHSA-2025:12010\n* CVE-2025-7425\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:12450\n* CVE-2025-8941\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:14557",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0934",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0934.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update \u0026 enhancements",
"tracking": {
"current_release_date": "2026-06-06T07:56:19+00:00",
"generator": {
"date": "2026-06-06T07:56:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:0934",
"initial_release_date": "2026-01-22T04:35:39+00:00",
"revision_history": [
{
"date": "2026-01-22T04:35:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T04:35:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-Openshift-Serverless-1.36",
"product": {
"name": "8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.36::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.36.0-9"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64"
},
"product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-30749",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-07T10:35:26.542000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376783"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30749"
},
{
"category": "external",
"summary": "RHBZ#2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2025-07-07T10:48:25.047000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376785"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50059"
},
{
"category": "external",
"summary": "RHBZ#2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-50106",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-09T15:41:11.313000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379031"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50106"
},
{
"category": "external",
"summary": "RHBZ#2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)"
},
{
"acknowledgments": [
{
"names": [
"Hristo Venev"
]
}
],
"cve": "CVE-2025-58060",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-09-02T12:06:54.304000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: Authentication Bypass in CUPS Authorization Handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Important, given that it enables complete authentication bypass. Exploitation requires no valid credentials and can be performed remotely in some configurations. Attackers could gain administrative privileges in CUPS, modify critical configuration files, or potentially escalate their access further depending on the system environment. The root cause is a missing authentication check when the AuthType is set to values other than Basic but a Basic authorization header is supplied.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58060"
},
{
"category": "external",
"summary": "RHBZ#2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq",
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq"
}
],
"release_date": "2025-09-11T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this authentication bypass vulnerability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: Authentication Bypass in CUPS Authorization Handling"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:11503
Vulnerability from csaf_redhat - Published: 2026-04-29 05:59 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
libxml2:
* libxml2-16-2.15.3-0.1.hum1 (aarch64, x86_64)
* libxml2-2.15.3-0.1.hum1 (aarch64, x86_64)
* libxml2-devel-2.15.3-0.1.hum1 (aarch64, x86_64)
* libxml2-static-2.15.3-0.1.hum1 (aarch64, x86_64)
* python3-libxml2-2.15.3-0.1.hum1 (aarch64, x86_64)
* libxml2-2.15.3-0.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libxml2-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libxml2-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libxml2-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
6.5 (Medium)
Affected products
Fixed
3 products
Threats
Impact
Moderate
References
17 references
Acknowledgments
Google Project Zero
Sergei Glazunov
Ariel Schon
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nlibxml2:\n * libxml2-16-2.15.3-0.1.hum1 (aarch64, x86_64)\n * libxml2-2.15.3-0.1.hum1 (aarch64, x86_64)\n * libxml2-devel-2.15.3-0.1.hum1 (aarch64, x86_64)\n * libxml2-static-2.15.3-0.1.hum1 (aarch64, x86_64)\n * python3-libxml2-2.15.3-0.1.hum1 (aarch64, x86_64)\n * libxml2-2.15.3-0.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11503",
"url": "https://access.redhat.com/errata/RHSA-2026:11503"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6732",
"url": "https://access.redhat.com/security/cve/CVE-2026-6732"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11503.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-06T07:56:19+00:00",
"generator": {
"date": "2026-06-06T07:56:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:11503",
"initial_release_date": "2026-04-29T05:59:17+00:00",
"revision_history": [
{
"date": "2026-04-29T05:59:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T17:06:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-main@aarch64",
"product": {
"name": "libxml2-main@aarch64",
"product_id": "libxml2-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-16@2.15.3-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-main@x86_64",
"product": {
"name": "libxml2-main@x86_64",
"product_id": "libxml2-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-16@2.15.3-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-main@src",
"product": {
"name": "libxml2-main@src",
"product_id": "libxml2-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.15.3-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libxml2-main@aarch64"
},
"product_reference": "libxml2-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libxml2-main@src"
},
"product_reference": "libxml2-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libxml2-main@x86_64"
},
"product_reference": "libxml2-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T05:59:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11503"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"acknowledgments": [
{
"names": [
"Ariel Schon"
]
}
],
"cve": "CVE-2026-6732",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-04-23T22:04:33.973000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461300"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: libxml2: Denial of Service via crafted XSD-validated document",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Per upstream:\n\u003e It\u0027s NOT recommended to use this software to process untrusted data. There is a lot of ways that a malicious crafted xml could exploit a hidden vulnerability in the software.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6732"
},
{
"category": "external",
"summary": "RHBZ#2461300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
}
],
"release_date": "2026-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T05:59:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11503"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libxml2-main@aarch64",
"Red Hat Hardened Images:libxml2-main@src",
"Red Hat Hardened Images:libxml2-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: libxml2: Denial of Service via crafted XSD-validated document"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…