Описание
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
-
golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
-
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
-
github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 2268022
- Red Hat - 2418462
- Red Hat - 2418900
Связанные уязвимости
ELSA-2026-3428: container-tools:ol8 security update (IMPORTANT)
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
Errors returned from JSON marshaling may break template escaping in html/template