Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-8941 (GCVE-0-2025-8941)
Vulnerability from cvelistv5 – Published: 2025-08-13 14:42 – Updated: 2026-02-26 17:48
VLAI
EPSS
Title
Linux-pam: incomplete fix for cve-2025-6020
Summary
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
19 references
Impacted products
26 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.1.8-23.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.3.1-38.el8_10 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.3.1-8.el8_2.2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.3.1-14.el8_4.2 , < *
(rpm)
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.3.1-14.el8_4.2 , < *
(rpm)
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.3.1-16.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.3.1-16.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.3.1-16.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.3.1-26.el8_8.2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.3.1-26.el8_8.2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.5.1-26.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.5.1-9.el9_0.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.5.1-15.el9_2.2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.5.1-24.el9_4.1 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-19 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-8 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 |
Unaffected:
1.12-4 , < *
(rpm)
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 |
Unaffected:
sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 , < *
(rpm)
cpe:/a:redhat:cert_manager:1.16::el9 |
|
| Red Hat | Compliance Operator 1 |
Unaffected:
sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 , < *
(rpm)
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
Date Public
2025-08-13 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T03:56:02.437686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:41.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/linux-pam/linux-pam",
"defaultStatus": "unaffected",
"packageName": "linux-pam"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.8-23.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-38.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-8.el8_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-14.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-14.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-26.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-26.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-26.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-26.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-9.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-15.el9_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-24.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-rhel9-operator",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.12 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:cert_manager:1.16::el9"
],
"defaultStatus": "affected",
"packageName": "cert-manager/jetstack-cert-manager-rhel9",
"product": "cert-manager operator for Red Hat OpenShift 1.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-openscap-rhel8",
"product": "Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-08-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:56:35.028Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:14557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"name": "RHSA-2025:15099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"name": "RHSA-2025:15100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"name": "RHSA-2025:15101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"name": "RHSA-2025:15102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"name": "RHSA-2025:15103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"name": "RHSA-2025:15104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"name": "RHSA-2025:15105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"name": "RHSA-2025:15106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"name": "RHSA-2025:15107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"name": "RHSA-2025:15709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"name": "RHSA-2025:15827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"name": "RHSA-2025:15828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"name": "RHSA-2025:16524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"name": "RHSA-2025:17181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"name": "RHSA-2025:18219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"name": "RHSA-2025:21885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"name": "RHBZ#2388220",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T12:11:55.270Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Linux-pam: incomplete fix for cve-2025-6020",
"workarounds": [
{
"lang": "en",
"value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-8941",
"datePublished": "2025-08-13T14:42:37.570Z",
"dateReserved": "2025-08-13T12:24:47.522Z",
"dateUpdated": "2026-02-26T17:48:41.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-8941",
"date": "2026-06-05",
"epss": "0.00022",
"percentile": "0.06535"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8941\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-08-13T15:15:41.873\",\"lastModified\":\"2025-11-20T21:16:08.110\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \\\"complete\\\" fix for CVE-2025-6020.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en linux-pam. El m\u00f3dulo pam_namespace podr\u00eda gestionar incorrectamente las rutas controladas por el usuario, lo que permite a los usuarios locales explotar ataques de enlaces simb\u00f3licos y condiciones de ejecuci\u00f3n para elevar sus privilegios a root. Esta CVE proporciona una soluci\u00f3n completa para CVE-2025-6020.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14557\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15099\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15100\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15101\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15102\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15103\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15104\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15105\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15106\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15107\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15709\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15827\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15828\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16524\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:17181\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18219\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21885\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-8941\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2388220\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8941\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T14:50:37.619035Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T14:50:43.534Z\"}}], \"cna\": {\"title\": \"Linux-pam: incomplete fix for cve-2025-6020\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"packageName\": \"linux-pam\", \"collectionURL\": \"https://github.com/linux-pam/linux-pam\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.1.8-23.el7_9.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-38.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-8.el8_2.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-14.el8_4.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-14.el8_4.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-26.el8_8.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-26.el8_8.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-26.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-26.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-9.el9_0.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-15.el9_2.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.4::baseos\", \"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-24.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-19\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager operator for Red Hat OpenShift 1.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"cert-manager/jetstack-cert-manager-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-openscap-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"insights-proxy/insights-proxy-container-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-monitor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-payload-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-13T12:11:55.270Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-08-13T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-08-13T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:14557\", \"name\": \"RHSA-2025:14557\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15099\", \"name\": \"RHSA-2025:15099\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15100\", \"name\": \"RHSA-2025:15100\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15101\", \"name\": \"RHSA-2025:15101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15102\", \"name\": \"RHSA-2025:15102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15103\", \"name\": \"RHSA-2025:15103\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15104\", \"name\": \"RHSA-2025:15104\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15105\", \"name\": \"RHSA-2025:15105\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15106\", \"name\": \"RHSA-2025:15106\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15107\", \"name\": \"RHSA-2025:15107\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15709\", \"name\": \"RHSA-2025:15709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15827\", \"name\": \"RHSA-2025:15827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15828\", \"name\": \"RHSA-2025:15828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:16524\", \"name\": \"RHSA-2025:16524\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:17181\", \"name\": \"RHSA-2025:17181\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18219\", \"name\": \"RHSA-2025:18219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21885\", \"name\": \"RHSA-2025:21885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-8941\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2388220\", \"name\": \"RHBZ#2388220\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \\\"complete\\\" fix for CVE-2025-6020.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-12-10T20:56:35.028Z\"}, \"x_redhatCweChain\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-8941\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-10T20:56:35.028Z\", \"dateReserved\": \"2025-08-13T12:24:47.522Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-08-13T14:42:37.570Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:15828
Vulnerability from csaf_redhat - Published: 2025-09-15 15:14 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: updated web-terminal/tooling container image
Severity
Important
Notes
Topic: Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.
Details: The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.
Users of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to
upgrade to these updated images, which contain backported patches to correct
these security issues, fix these bugs and add these enhancements. Users of these
images are also encouraged to rebuild all container images that depend on these
images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
69 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated web-terminal/tooling container image is now available for Red Hat Web Terminal 1.11 on RHEL 9.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Web Terminal 1.11 on RHEL 9 container images have been updated to fix the following important CVEs: CVE-2025-5914, CVE-2025-49794, CVE-2025-49796, CVE-2025-6020, CVE-2025-48384, CVE-2025-48385, CVE-2025-7425, CVE-2025-6965, CVE-2025-8941.\n\nUsers of Red Hat Web Terminal 1.11 on RHEL 9 container images are advised to\nupgrade to these updated images, which contain backported patches to correct\nthese security issues, fix these bugs and add these enhancements. Users of these\nimages are also encouraged to rebuild all container images that depend on these\nimages.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15828",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling",
"url": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15828.json"
}
],
"title": "Red Hat Security Advisory: updated web-terminal/tooling container image",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:15828",
"initial_release_date": "2025-09-15T15:14:08+00:00",
"revision_history": [
{
"date": "2025-09-15T15:14:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T15:14:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product": {
"name": "Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_id": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1.11-19"
}
}
},
{
"category": "product_version",
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_id": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1.11-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64"
},
"product_reference": "web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64 as a component of Red Hat Web Terminal 1.11 on RHEL 9",
"product_id": "9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
},
"product_reference": "web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64",
"relates_to_product_reference": "9Base-WebTerminal-1.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T15:14:08+00:00",
"details": "The Red Hat Web Terminal 1.11 on RHEL 9 container images provided by this update\ncan be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-WebTerminal-1.11:web-terminal/web-terminal-rhel9-operator@sha256:97ba3d6db8959c3ccfef82325d9fe8098fb86cc4ecb0bb00933340c693d98603_amd64",
"9Base-WebTerminal-1.11:web-terminal/web-terminal-tooling-rhel9@sha256:fcda84411ef1356fb44a6b16d1ab95189f31ca056cc977114c395da0c5b202bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:16524
Vulnerability from csaf_redhat - Published: 2025-09-23 19:28 - Updated: 2026-06-05 00:26Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64 | — |
Workaround
|
Threats
Impact
Important
References
30 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16524",
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16524.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-06-05T00:26:55+00:00",
"generator": {
"date": "2026-06-05T00:26:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:16524",
"initial_release_date": "2025-09-23T19:28:34+00:00",
"revision_history": [
{
"date": "2025-09-23T19:28:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T19:28:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:26:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ac85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.2.1-1758555934"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.2.0-1758132611"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.2.1-1758555934"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Adef60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.2.0-1758132611"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T19:28:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T19:28:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T19:28:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T19:28:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:87fd07b40ae5dc04d446b4b44a846aeb898e56c627e917d0c0675e7905f42a02_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:def60eacc396cb99e19746aa7afb3af1aa56da9fd9bba87262ad2d01a5f24a9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
RHSA-2025:17181
Vulnerability from csaf_redhat - Published: 2025-10-01 16:41 - Updated: 2026-06-02 15:25Summary
Red Hat Security Advisory: Insights proxy Container Image
Severity
Important
Notes
Topic: Initial GA Release of Red Hat Insights proxy
Details: The Insights proxy Container is used by the Insights proxy product RPM
and serves as an intermediary between cystomer systems in disconnected networks,
air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing
a layer of privary and security for disconnected customer systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
36 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17181",
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32988",
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32989",
"url": "https://access.redhat.com/security/cve/CVE-2025-32989"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32990",
"url": "https://access.redhat.com/security/cve/CVE-2025-32990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6395",
"url": "https://access.redhat.com/security/cve/CVE-2025-6395"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17181.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-06-02T15:25:04+00:00",
"generator": {
"date": "2026-06-02T15:25:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:17181",
"initial_release_date": "2025-10-01T16:41:41+00:00",
"revision_history": [
{
"date": "2025-10-01T16:41:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-01T16:41:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:25:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.7-1759331989"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.7-1759331989"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6395",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-07-07T09:30:13.037000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376755"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6395"
},
{
"category": "external",
"summary": "RHBZ#2376755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1718",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1718"
},
{
"category": "external",
"summary": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
}
],
"release_date": "2025-07-10T07:56:53.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-04-15T01:21:36.833000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359622"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS otherName SAN export",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important because, although it involves a memory management flaw (double-free) that can potentially lead to memory corruption, practical exploitation is limited by modern memory protection mechanisms and contextual constraints. The issue occurs only when processing malformed SAN otherName entries through public GnuTLS APIs\u2014an uncommon and controlled code path in most deployments. Furthermore, exploitation for arbitrary code execution is highly dependent on allocator behavior and requires precise heap manipulation, which is non-trivial under defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and hardened memory allocators. In the majority of cases, the outcome would be a crash or denial of service rather than a reliable compromise of integrity or confidentiality. Therefore, given its limited attack surface, dependency on crafted input, and the presence of strong runtime mitigations, the impact justifies a Moderate severity classification instead of Important.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"category": "external",
"summary": "RHBZ#2359622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988"
},
{
"category": "external",
"summary": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
}
],
"release_date": "2025-07-10T07:55:14.310000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS otherName SAN export"
},
{
"cve": "CVE-2025-32989",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-04-15T01:21:36.512000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359621"
}
],
"notes": [
{
"category": "description",
"text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS SCT extension parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32989"
},
{
"category": "external",
"summary": "RHBZ#2359621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989"
},
{
"category": "external",
"summary": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
}
],
"release_date": "2025-07-10T07:54:13.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS SCT extension parsing"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-04-15T01:21:36.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359620"
}
],
"notes": [
{
"category": "description",
"text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS certtool template parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32990"
},
{
"category": "external",
"summary": "RHBZ#2359620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990"
},
{
"category": "external",
"summary": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
}
],
"release_date": "2025-07-09T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T16:41:41+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS certtool template parsing"
}
]
}
RHSA-2025:18219
Vulnerability from csaf_redhat - Published: 2025-10-16 08:41 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0
Severity
Important
Notes
Topic: cert-manager Operator for Red Hat OpenShift 1.16.0
Details: The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities
and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide
certificates-as-a-service to developers working within your Kubernetes cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters.
7.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to "data" or "tar".
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to "data" or "tar".
7.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 | — |
Workaround
|
Threats
Impact
Important
References
69 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.16.0",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities\nand certificates as first-class resource types in the Kubernetes API. This makes it possible to provide\ncertificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18219",
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12718",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4138",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4517",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49794",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49796",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18219.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:18219",
"initial_release_date": "2025-10-16T08:41:21+00:00",
"revision_history": [
{
"date": "2025-10-16T08:41:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-16T08:41:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.16",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.16::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Adf852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
"product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T08:41:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
"cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
RHSA-2025:21885
Vulnerability from csaf_redhat - Published: 2025-11-20 19:56 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update
Severity
Important
Notes
Topic: An updated OpenShift Compliance Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details: The OpenShift Compliance Operator v1.8.0 is now available.
See the documentation for bug fix information:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — | ||
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Important
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
Acknowledgments
Google
Pedro Gallegos
Simon Scannell
Jasiel Spelman
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Antony Di Scala
Michael Whale
James Force
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift Compliance Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenShift Compliance Operator v1.8.0 is now available.\nSee the documentation for bug fix information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21885",
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12085",
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7195",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21885.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-06T07:56:18+00:00",
"generator": {
"date": "2026-06-06T07:56:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:21885",
"initial_release_date": "2025-11-20T19:56:52+00:00",
"revision_history": [
{
"date": "2025-11-20T19:56:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-20T19:57:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Compliance Operator 1",
"product": {
"name": "OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_compliance_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Compliance Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3Ad051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779?arch=s390x\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-operator-bundle@sha256%3A0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3Ac953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628?arch=amd64\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049?arch=arm64\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3Ab282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64 as a component of OpenShift Compliance Operator 1",
"product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64",
"relates_to_product_reference": "OpenShift Compliance Operator 1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pedro Gallegos",
"Simon Scannell",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12085",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2024-12-05T12:06:36.594000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330539"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Info Leak via Uninitialized Stack Contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as having Important impact as it helps bypass Address Space Layout Randomization (ASLR). ASLR is a memory protection system which makes the exploitation of memory corruption vulnerabilities more difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "RHBZ#2330539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Info Leak via Uninitialized Stack Contents"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale",
"James Force"
]
}
],
"cve": "CVE-2025-7195",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2025-07-04T08:54:01.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376300"
}
],
"notes": [
{
"category": "description",
"text": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability as moderate severity for affected products which run on OpenShift. The vulnerability allows for potential privilege escalation within a container, but OpenShift\u0027s default, multi-layered security posture effectively mitigates this risk. \n\nThe primary controls include the default Security Context Constraints (SCC), which severely limit a container\u0027s permissions from the start, and SELinux, which enforces mandatory access control to ensure strict isolation. While other container runtime environments may have different controls available and require case-by-case analysis, OpenShift\u0027s built-in defenses are designed to prevent this type of attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "RHBZ#2376300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195"
}
],
"release_date": "2025-08-07T18:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "In Red Hat OpenShift Container Platform, the following default configurations reduce the impact of this vulnerability.\n\nSecurity Context Constraints (SCCs): The default SCC, Restricted-v2, applies several crucial security settings to containers. \n\nCapabilities: drop: ALL removes all Linux capabilities, including SETUID and SETGID. This prevents a process from changing its user or group ID, a common step in privilege escalation attacks. The SETUID and SETGID capabilities can also be dropped explicitly if other capabilities are still required.\n\nallowPrivilegeEscalation: false ensures that a process cannot gain more privileges than its parent process. This blocks attempts by a compromised container process to grant itself additional capabilities.\n\nSELinux Mandatory Access Control (MAC): Pods are required to run with a pre-allocated Multi-Category Security (MCS) label. This SELinux feature provides a strong layer of isolation between containers and from the host system. A properly configured SELinux policy can prevent a container escape, even if an attacker gains elevated permissions within the container itself.\n\nFilesystem Hardening: While not a default setting, a common security practice is to set readOnlyRootFilesystem: true in a container\u0027s security context. In this specific scenario, this configuration would prevent an attacker from modifying critical files like /etc/passwd, even if they managed to gain file-level write permissions.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"known_not_affected": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T19:56:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:79554e96e4780fe3c219058a2d6408aa08dda31de091b7b7a647ed5f939e4712_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:7dfec9fbabaa748bbd91732ca5beebbd773306d5227a4f23af8fb0e444f0a779_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:d051f621dbcf4ec798b3782b8a49187852d1e352fd956131491288e36366dd89_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:09f37fa618a4e02460b28b1097148573b395354300db5f917ed155ab7968b779_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:0bc0b7a20ce3c6303a45a699f44d2b90597b6a62846e89a5bca285b3228a9a52_amd64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02_ppc64le",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf_s390x",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83_arm64",
"OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
RHSA-2026:0934
Vulnerability from csaf_redhat - Published: 2026-01-22 04:35 - Updated: 2026-06-06 07:56Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Severity
Important
Notes
Topic: Release of OpenShift Serverless Logic 1.36.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release includes CVE bug fixes:
* CVE-2024-12718 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-30749 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-40778 python3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64 RHSA-2025:19835
* CVE-2025-4138 platform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-4517 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-49794 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-49796 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-50059 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-50106 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-58060 cups-libs-2.2.6-62.el8_10.x86_64 RHSA-2025:15702
* CVE-2025-5914 libarchive-3.3.3-5.el8.x86_64 RHSA-2025:14135
* CVE-2025-59375 expat-2.2.5-17.el8_10.x86_64 RHSA-2025:21776
* CVE-2025-6020 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:10027
* CVE-2025-6965 sqlite-libs-3.26.0-19.el8_9.x86_64 RHSA-2025:12010
* CVE-2025-7425 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:12450
* CVE-2025-8941 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:14557
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters.
7.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to "data" or "tar".
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to "data" or "tar".
7.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
7.8 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
8.1 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
9.1 (Critical)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
9.1 (Critical)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
8.1 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.
8.0 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
102 references
Acknowledgments
ANSSI - French Cybersecurity Agency
Olivier BAL-PETRE
Google Project Zero
Sergei Glazunov
Hristo Venev
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Logic 1.36.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release includes CVE bug fixes:\n* CVE-2024-12718\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-30749\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-40778\tpython3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64\tRHSA-2025:19835\n* CVE-2025-4138\tplatform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-4517\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-49794\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-49796\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-50059\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-50106\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-58060\tcups-libs-2.2.6-62.el8_10.x86_64\tRHSA-2025:15702\n* CVE-2025-5914\tlibarchive-3.3.3-5.el8.x86_64\tRHSA-2025:14135\n* CVE-2025-59375\texpat-2.2.5-17.el8_10.x86_64\tRHSA-2025:21776\n* CVE-2025-6020\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:10027\n* CVE-2025-6965\tsqlite-libs-3.26.0-19.el8_9.x86_64\tRHSA-2025:12010\n* CVE-2025-7425\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:12450\n* CVE-2025-8941\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:14557",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0934",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0934.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update \u0026 enhancements",
"tracking": {
"current_release_date": "2026-06-06T07:56:19+00:00",
"generator": {
"date": "2026-06-06T07:56:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:0934",
"initial_release_date": "2026-01-22T04:35:39+00:00",
"revision_history": [
{
"date": "2026-01-22T04:35:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T04:35:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T07:56:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-Openshift-Serverless-1.36",
"product": {
"name": "8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.36::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.36.0-9"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64"
},
"product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx",
"url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-30749",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-07T10:35:26.542000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376783"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30749"
},
{
"category": "external",
"summary": "RHBZ#2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2025-07-07T10:48:25.047000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376785"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50059"
},
{
"category": "external",
"summary": "RHBZ#2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-50106",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-09T15:41:11.313000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379031"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50106"
},
{
"category": "external",
"summary": "RHBZ#2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)"
},
{
"acknowledgments": [
{
"names": [
"Hristo Venev"
]
}
],
"cve": "CVE-2025-58060",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-09-02T12:06:54.304000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: Authentication Bypass in CUPS Authorization Handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Important, given that it enables complete authentication bypass. Exploitation requires no valid credentials and can be performed remotely in some configurations. Attackers could gain administrative privileges in CUPS, modify critical configuration files, or potentially escalate their access further depending on the system environment. The root cause is a missing authentication check when the AuthType is set to values other than Basic but a Basic authorization header is supplied.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58060"
},
{
"category": "external",
"summary": "RHBZ#2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq",
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq"
}
],
"release_date": "2025-09-11T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this authentication bypass vulnerability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: Authentication Bypass in CUPS Authorization Handling"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
WID-SEC-W-2025-1828
Vulnerability from csaf_certbund - Published: 2025-08-13 22:00 - Updated: 2026-01-21 23:00Summary
PAM (linux-pam package): Schwachstelle ermöglicht Erlangen von Administratorrechten
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Linux Pluggable Authentication Modules (PAM) ist eine Sammlung von Bibliotheken, die es einem Linux-Systemadministrator ermöglichen, Methoden zur Authentifizierung von Benutzern zu konfigurieren.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle in PAM ausnutzen, um Administratorrechte zu erlangen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.16.0
IBM / App Connect Enterprise
|
<12.16.0 | ||
|
IBM App Connect Enterprise <12.0.16
IBM / App Connect Enterprise
|
<12.0.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:operator
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source PAM <1.7.1
Open Source / PAM
|
<1.7.1 | ||
|
IBM Power Hardware Management Console
IBM
|
cpe:/a:ibm:hardware_management_console:v10
|
— |
References
25 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Linux Pluggable Authentication Modules (PAM) ist eine Sammlung von Bibliotheken, die es einem Linux-Systemadministrator erm\u00f6glichen, Methoden zur Authentifizierung von Benutzern zu konfigurieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in PAM ausnutzen, um Administratorrechte zu erlangen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1828 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1828.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1828 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1828"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2388220 vom 2025-08-13",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15107 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15102 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15104 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15099 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15100 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15103 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15101 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15105 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15106 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15099 vom 2025-09-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-15099.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15827 vom 2025-09-15",
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15828 vom 2025-09-15",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16524 vom 2025-09-23",
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7246105 vom 2025-09-25",
"url": "https://www.ibm.com/support/pages/node/7246105"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7246875 vom 2025-10-01",
"url": "https://www.ibm.com/support/pages/node/7246875"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:15099 vom 2025-10-10",
"url": "https://errata.build.resf.org/RLSA-2025:15099"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18219 vom 2025-10-16",
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "external",
"summary": "Ameeba\u0027s Blog vom 2025-10-19",
"url": "https://www.ameeba.com/blog/cve-2025-8941-critical-privilege-escalation-vulnerability-in-linux-pam/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3057 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3057.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251861 vom 2025-11-19",
"url": "https://www.ibm.com/support/pages/node/7251861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21885 vom 2025-11-20",
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0934 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"source_lang": "en-US",
"title": "PAM (linux-pam package): Schwachstelle erm\u00f6glicht Erlangen von Administratorrechten",
"tracking": {
"current_release_date": "2026-01-21T23:00:00.000+00:00",
"generator": {
"date": "2026-01-22T08:55:22.604+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1828",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-15T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-09T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "10",
"summary": "PoC aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-20T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.16.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.16.0",
"product_id": "T047348"
}
},
{
"category": "product_version",
"name": "12.16.0",
"product": {
"name": "IBM App Connect Enterprise 12.16.0",
"product_id": "T047348-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.16.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.16",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.16",
"product_id": "T047349"
}
},
{
"category": "product_version",
"name": "12.0.16",
"product": {
"name": "IBM App Connect Enterprise 12.0.16",
"product_id": "T047349-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.16"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
},
{
"category": "product_name",
"name": "IBM Power Hardware Management Console",
"product": {
"name": "IBM Power Hardware Management Console",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.7.1",
"product": {
"name": "Open Source PAM \u003c1.7.1",
"product_id": "T046236"
}
},
{
"category": "product_version",
"name": "1.7.1",
"product": {
"name": "Open Source PAM 1.7.1",
"product_id": "T046236-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:kernel:linux-pam:1.7.1"
}
}
}
],
"category": "product_name",
"name": "PAM"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"product_status": {
"known_affected": [
"T047348",
"T047349",
"67646",
"398363",
"T036688",
"T004914",
"T032255",
"T046236",
"T023373"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-8941"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…