Описание
ELSA-2025-23374: container-tools:rhel8 security update (MODERATE)
aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman [4.9.4-24.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
[4:4.9.4-24]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125654
python-podman runc [4:1.2.9-2]
- update to https://github.com/opencontainers/runc/releases/tag/v1.2.9
- Resolves: RHEL-132818
skopeo [2:1.14.5-5]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125659
slirp4netns udica
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
aardvark-dns
1.10.1-2.module+el8.10.0+90731+0506229e
buildah
1.33.12-2.module+el8.10.0+90731+0506229e
buildah-tests
1.33.12-2.module+el8.10.0+90731+0506229e
cockpit-podman
84.1-1.module+el8.10.0+90731+0506229e
conmon
2.1.10-1.module+el8.10.0+90731+0506229e
container-selinux
2.229.0-2.module+el8.10.0+90731+0506229e
containernetworking-plugins
1.4.0-6.module+el8.10.0+90731+0506229e
containers-common
1-82.0.1.module+el8.10.0+90731+0506229e
crit
3.18-5.module+el8.10.0+90731+0506229e
criu
3.18-5.module+el8.10.0+90731+0506229e
criu-devel
3.18-5.module+el8.10.0+90731+0506229e
criu-libs
3.18-5.module+el8.10.0+90731+0506229e
crun
1.14.3-2.module+el8.10.0+90731+0506229e
fuse-overlayfs
1.13-1.module+el8.10.0+90731+0506229e
libslirp
4.4.0-2.module+el8.10.0+90731+0506229e
libslirp-devel
4.4.0-2.module+el8.10.0+90731+0506229e
netavark
1.10.3-1.module+el8.10.0+90731+0506229e
oci-seccomp-bpf-hook
1.2.10-1.module+el8.10.0+90731+0506229e
podman
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-catatonit
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-docker
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-gvproxy
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-plugins
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-remote
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-tests
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
python3-criu
3.18-5.module+el8.10.0+90731+0506229e
python3-podman
4.9.0-3.module+el8.10.0+90731+0506229e
runc
1.2.9-2.module+el8.10.0+90731+0506229e
skopeo
1.14.5-5.module+el8.10.0+90731+0506229e
skopeo-tests
1.14.5-5.module+el8.10.0+90731+0506229e
slirp4netns
1.2.3-1.module+el8.10.0+90731+0506229e
udica
0.2.6-21.module+el8.10.0+90731+0506229e
Oracle Linux x86_64
Module container-tools:ol8 is enabled
aardvark-dns
1.10.1-2.module+el8.10.0+90731+0506229e
buildah
1.33.12-2.module+el8.10.0+90731+0506229e
buildah-tests
1.33.12-2.module+el8.10.0+90731+0506229e
cockpit-podman
84.1-1.module+el8.10.0+90731+0506229e
conmon
2.1.10-1.module+el8.10.0+90731+0506229e
container-selinux
2.229.0-2.module+el8.10.0+90731+0506229e
containernetworking-plugins
1.4.0-6.module+el8.10.0+90731+0506229e
containers-common
1-82.0.1.module+el8.10.0+90731+0506229e
crit
3.18-5.module+el8.10.0+90731+0506229e
criu
3.18-5.module+el8.10.0+90731+0506229e
criu-devel
3.18-5.module+el8.10.0+90731+0506229e
criu-libs
3.18-5.module+el8.10.0+90731+0506229e
crun
1.14.3-2.module+el8.10.0+90731+0506229e
fuse-overlayfs
1.13-1.module+el8.10.0+90731+0506229e
libslirp
4.4.0-2.module+el8.10.0+90731+0506229e
libslirp-devel
4.4.0-2.module+el8.10.0+90731+0506229e
netavark
1.10.3-1.module+el8.10.0+90731+0506229e
oci-seccomp-bpf-hook
1.2.10-1.module+el8.10.0+90731+0506229e
podman
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-catatonit
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-docker
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-gvproxy
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-plugins
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-remote
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
podman-tests
4.9.4-24.0.1.module+el8.10.0+90731+0506229e
python3-criu
3.18-5.module+el8.10.0+90731+0506229e
python3-podman
4.9.0-3.module+el8.10.0+90731+0506229e
runc
1.2.9-2.module+el8.10.0+90731+0506229e
skopeo
1.14.5-5.module+el8.10.0+90731+0506229e
skopeo-tests
1.14.5-5.module+el8.10.0+90731+0506229e
slirp4netns
1.2.3-1.module+el8.10.0+90731+0506229e
udica
0.2.6-21.module+el8.10.0+90731+0506229e
Связанные CVE
Связанные уязвимости
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Unbounded allocation when parsing GNU sparse map in archive/tar
tar.Reader does not set a maximum size on the number of sparse region ...
